Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Troj/Ezio-I


  • This topic is locked This topic is locked
2 replies to this topic

#1 dohaver

dohaver

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 29 April 2009 - 02:21 PM

Hello, this is my first time posting, so I hope I've fullfilled all the required procedures. Please forgive me if I miss something. I got a virus prior to this one, which crashed my operating system, in safemode, I was unable to do anything, only task manager would run, however windows explorer of course was destroyed. I reformatted, reinstalled XP HOME over the existing petition, windows updates, sp2, etc. Installed Avast home, spybot s&d, spyware blaster, and ran ShieldsUp! via www.grc.com, to make sure my router was stealth and the pc came back stealth, no vulnerable ports. Today, when I got to my desktop, Avast popped up with a green alert stating check out information related to new virus infections to i-frame. I clicked on the link and IE froze, nvr opened. I could tell right away something was wrong. I ran hijack this, but couldn't find anything suspicious. Then ran sysinternals autoruns and came up a log scan with: c:\windows\system\ieudinit.exe. I used bleepingcomputer startup search, and results where a Troj/Ezio-I (Trojan). I'm sure there could be other issues, and instead of diving in here myself, I decided to request for help.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2009 12:24:21 PM
System Uptime: 4/29/2009 1:22:00 PM (2 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6721
Processor: Intel® Pentium® 4 CPU 1.70GHz | Socket 478 | 1699/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 30.1 GiB free.
D: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_72181462&REV_00\4&3525EC23&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1039&DEV_6325&SUBSYS_72181462&REV_00\4&3525EC23&0&0008
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\3&61AAA01&0&30
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_17FE&DEV_2120&SUBSYS_00201737&REV_00\3&61AAA01&0&30
Service:

==== System Restore Points ===================

RP1: 4/26/2009 12:34:44 PM - System Checkpoint
RP2: 4/28/2009 1:39:04 PM - Software Distribution Service 3.0
RP3: 4/28/2009 1:39:10 PM - Installed Windows XP KB842773.
RP4: 4/28/2009 1:39:45 PM - Installed Windows Installer KB893803v2.
RP5: 4/28/2009 1:39:58 PM - Installed Windows XP KB892130.
RP6: 4/28/2009 1:40:04 PM - Installed Windows XP KB898461.
RP7: 4/28/2009 2:07:30 PM - Installed Windows XP Service Pack 2.
RP8: 4/28/2009 3:30:45 PM - Software Distribution Service 3.0
RP9: 4/28/2009 11:06:27 PM - Software Distribution Service 3.0
RP10: 4/28/2009 11:08:35 PM - Installed Windows XP KB915865.
RP11: 4/28/2009 11:09:08 PM - Installed Windows NLSDownlevelMapping.
RP12: 4/28/2009 11:09:38 PM - Installed Windows IDNMitigationAPIs.
RP13: 4/28/2009 11:11:14 PM - Installed Windows Internet Explorer 7.
RP14: 4/28/2009 11:12:23 PM - Software Distribution Service 3.0
RP15: 4/28/2009 11:22:15 PM - Installed Realtek AC'97 Audio
RP16: 4/29/2009 12:04:37 AM - Installed Java™ 6 Update 7
RP17: 4/29/2009 12:05:39 AM - Installed OpenOffice.org 3.0
RP18: 4/29/2009 12:16:15 AM - Installed Adobe Reader 9.1.
RP19: 4/29/2009 12:45:39 AM - Installed WinZip 12.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AIM 6
avast! Antivirus
CCleaner (remove only)
DriverAgent by eSupport.com
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Java™ 6 Update 7
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
OpenOffice.org 3.0
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SiS VGA Utilities
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip 12.0

==== Event Viewer Messages From Past Week ========

4/28/2009 2:22:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0010DCD6272C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/28/2009 10:46:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
4/26/2009 12:54:39 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/26/2009 12:49:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/26/2009 12:23:11 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
4/26/2009 1:49:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000000000000 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

My autoruns scan: HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor Microsoft Corporation c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\reader 9.0\reader\reader_sl.exe
+ avast! avast! service GUI component ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
+ Google Quick Search Box Quick Search Box Google Inc. c:\program files\google\quick search box\googlequicksearchbox.exe
+ SiSPower Dynamic link library for setting Power Scheme Silicon Integrated Systems Corporation c:\windows\system32\sispower.dll
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SunJavaUpdateSched Java™ Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_07\bin\jusched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe
+ swg GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ x-sdch Fast Search Google Inc. c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ javascript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ mailto Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API Microsoft Corporation c:\windows\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ res Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ sysimage Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ vbscript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ wia WIA Scripting Layer Microsoft Corporation c:\windows\system32\wiascr.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ IE7 Uninstall Stub IE Per User Active Setup Uninstall Utility Microsoft Corporation c:\windows\system32\ieudinit.exe
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe
+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ URL Exec Hook Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Open With Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Open With EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Start Menu Pin Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ Send To Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ DfsShell Class Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Folder Customization Tab Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Security Shell Extension Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CDF Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ FileSystem Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ MyDocuments My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Sun Microsystems, Inc. c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ New Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ &Links Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ History Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ IE AutoComplete Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE BandProxy Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Custom MRU AutoCompleted List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Fade Task Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE IShellFolderBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Desk Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Site Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft BrowserBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft History AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE MRU AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Navigation Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Registry Tree Options Utility Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE RSS Feeder Folder Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Search Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Band Site Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Rebar BandSite Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Tracking Shell Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE User Assist Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ InternetShortcut Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Browser Architecture Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ OpenOffice.org Column Handler Sun Microsystems, Inc. c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll
+ OpenOffice.org Infotip Handler Sun Microsystems, Inc. c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler Sun Microsystems, Inc. c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer Sun Microsystems, Inc. c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ The Internet Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll
+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing, S.L. c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
+ Google Dictionary Compression sdch Fast Search Google Inc. c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
+ Google Toolbar Helper Google Toolbar Google Inc. c:\program files\google\google toolbar\googletoolbar.dll
+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
+ Spybot-S&D IE Protection SBSD IE Protection Safer Networking Limited c:\program files\spybot - search & destroy\sdhelper.dll
+ SSVHelper Class Java™ Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Google Toolbar Google Toolbar Google Inc. c:\program files\google\google toolbar\googletoolbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Diagnose Connection Problems... Network Diagnostic for Windows XP Microsoft Corporation c:\windows\network diagnostic\xpnetdiag.exe
+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe
HKLM\System\CurrentControlSet\Services
+ ALG Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. Microsoft Corporation c:\windows\system32\alg.exe
+ AppMgmt Provides software installation services such as Assign, Publish, and Remove. File not found: C:\WINDOWS\System32\appmgmts.dll
+ aswUpdSv Provides automatic updating for the avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\audiosrv.dll
+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. ALWIL Software c:\program files\alwil software\avast4\ashserv.exe
+ avast! Mail Scanner Implements mail scanning for avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\ashmaisv.exe
+ avast! Web Scanner Implements web (HTTP) scanning for avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\ashwebsv.exe
+ BITS Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. Microsoft Corporation c:\windows\system32\qmgr.dll
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\browser.dll
+ CiSvc Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Corporation c:\windows\system32\cisvc.exe
+ COMSysApp Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dllhost.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\cryptsvc.dll
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\dhcpcsvc.dll
+ dmadmin Configures hard disk drives and volumes. The service only runs for configuration processes and then stops. Microsoft Corp., Veritas Software c:\windows\system32\dmadmin.exe
+ dmserver Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corp. c:\windows\system32\dmserver.dll
+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dnsrslvr.dll
+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\ersvc.dll
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe
+ EventSystem Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\es.dll
+ FastUserSwitchingCompatibility Provides management for applications that require assistance in a multiple user environment. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ gusvc Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. Google c:\program files\google\common\google updater\googleupdaterservice.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ HTTPFilter This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w3ssl.dll
+ ImapiService Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\imapi.exe
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\srvsvc.dll
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc.dll
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\lmhsvc.dll
+ mnmsrvc Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\mnmsrvc.exe
+ MSDTC Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\msdtc.exe
+ MSIServer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\msiexec.exe
+ Netlogon Supports pass-through authentication of account logon events for computers in a domain. Microsoft Corporation c:\windows\system32\lsass.exe
+ Netman Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Microsoft Corporation c:\windows\system32\netman.dll
+ Nla Collects and stores network configuration and location information, and notifies applications when this information changes. Microsoft Corporation c:\windows\system32\mswsock.dll
+ NtLmSsp Provides security to remote procedure call (RPC) programs that use transports other than named pipes. Microsoft Corporation c:\windows\system32\lsass.exe
+ NtmsSvc Removable Storage Manager Microsoft Corporation c:\windows\system32\ntmssvc.dll
+ Pctspk PCTSPK.EXE PCtel, Inc. c:\windows\system32\pctspk.exe
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe
+ RasAuto Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Microsoft Corporation c:\windows\system32\rasauto.dll
+ RasMan Creates a network connection. Microsoft Corporation c:\windows\system32\rasmans.dll
+ RDSessMgr Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. Microsoft Corporation c:\windows\system32\sessmgr.exe
+ RpcLocator Manages the RPC name service database. Microsoft Corporation c:\windows\system32\locator.exe
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ RSVP Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Microsoft Corporation c:\windows\system32\rsvp.exe
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe
+ SCardSvr Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\scardsvr.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\schedsvc.dll
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\seclogon.dll
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\sens.dll
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\ipnathlp.dll
+ ShellHWDetection Windows Shell Services Dll Microsoft Corporation c:\windows\system32\shsvcs.dll
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\srsvc.dll
+ SSDPSRV Enables discovery of UPnP devices on your home network. Microsoft Corporation c:\windows\system32\ssdpsrv.dll
+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\wiaservc.dll
+ SwPrv Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dllhost.exe
+ SysmonLog Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\smlogsvc.exe
+ TapiSrv Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Microsoft Corporation c:\windows\system32\tapisrv.dll
+ TermService Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Microsoft Corporation c:\windows\system32\termsrv.dll
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\trkwks.dll
+ upnphost Provides support to host Universal Plug and Play devices. Microsoft Corporation c:\windows\system32\upnphost.dll
+ UPS Manages an uninterruptible power supply (UPS) connected to the computer. Microsoft Corporation c:\windows\system32\ups.exe
+ Viewpoint Manager Service Ensures Viewpoint 3D and Rich Media Technologies are up to date Viewpoint Corporation c:\program files\viewpoint\common\viewpointservice.exe
+ VSS Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\vssvc.exe
+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32time.dll
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webclnt.dll
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\wmisvc.dll
+ WmdmPmSN Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Microsoft Corporation c:\windows\system32\mspmsnsv.dll
+ WmiApSrv Provides performance library information from WMI HiPerf providers. Microsoft Corporation c:\windows\system32\wbem\wmiapsrv.exe
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\wscsvc.dll
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\wuauserv.dll
+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\wzcsvc.dll
+ xmlprov Manages XML configuration files on a domain basis for automatic network provisioning. Microsoft Corporation c:\windows\system32\xmlprov.dll
HKLM\System\CurrentControlSet\Services
+ Aavmker4 avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP ALWIL Software c:\windows\system32\drivers\aavmker4.sys
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ aswMon2 avast! File System Filter Driver for Windows XP ALWIL Software c:\windows\system32\drivers\aswmon2.sys
+ aswRdr avast! TDI RDR Driver ALWIL Software c:\windows\system32\drivers\aswrdr.sys
+ aswSP avast! self protection module ALWIL Software c:\windows\system32\drivers\aswsp.sys
+ aswTdi avast! TDI Filter Driver ALWIL Software c:\windows\system32\drivers\aswtdi.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ Beep BEEP Driver Microsoft Corporation c:\windows\system32\drivers\beep.sys
+ Cdaudio CD-ROM Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\cdaudio.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ Fips FIPS Crypto Driver Microsoft Corporation c:\windows\system32\drivers\fips.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\drivers\fltmgr.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ gameenum Game Port Enumerator Microsoft Corporation c:\windows\system32\drivers\gameenum.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ ip6fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
+ KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\drivers\ksecdd.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mnmdd Frame buffer simulator Microsoft Corporation c:\windows\system32\drivers\mnmdd.sys
+ Modem Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\modem.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ MountMgr Mount Manager Microsoft Corporation c:\windows\system32\drivers\mountmgr.sys
+ MRxDAV WebDav Client Redirector Microsoft Corporation c:\windows\system32\drivers\mrxdav.sys
+ MRxSmb MRXSMB Microsoft Corporation c:\windows\system32\drivers\mrxsmb.sys
+ ms_mpu401 MPU401 Adapter Driver Microsoft Corporation c:\windows\system32\drivers\msmpu401.sys
+ Msfs Mailslot driver Microsoft Corporation c:\windows\system32\drivers\msfs.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ Mup Multiple UNC Provider driver Microsoft Corporation c:\windows\system32\drivers\mup.sys
+ NDIS NDIS 5.1 wrapper driver Microsoft Corporation c:\windows\system32\drivers\ndis.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NDProxy NDIS Proxy Microsoft Corporation c:\windows\system32\drivers\ndproxy.sys
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\drivers\netbios.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ Npfs NPFS Driver Microsoft Corporation c:\windows\system32\drivers\npfs.sys
+ Null NULL Driver Microsoft Corporation c:\windows\system32\drivers\null.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PartMgr Partition Manager Microsoft Corporation c:\windows\system32\drivers\partmgr.sys
+ ParVdm VDM Parallel Driver Microsoft Corporation c:\windows\system32\drivers\parvdm.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Ptserlp HSP Modem Serial Device Driver for NT 5.0 PCTEL, INC. c:\windows\system32\drivers\ptserlp.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ Rdbss Rdbss Microsoft Corporation c:\windows\system32\drivers\rdbss.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ RDPWD RDP Terminal Stack Driver (US/Canada Only, Not for Export) Microsoft Corporation c:\windows\system32\drivers\rdpwd.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ Sfloppy SCSI Floppy Driver Microsoft Corporation c:\windows\system32\drivers\sfloppy.sys
+ sisagp SiS NT AGP Filter Silicon Integrated Systems Corporation c:\windows\system32\drivers\sisagp.sys
+ SISNIC SiS PCI Fast Ethernet Adapter Driver SiS Corporation c:\windows\system32\drivers\sisnic.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ sr System Restore Filesystem Filter Driver Microsoft Corporation c:\windows\system32\drivers\sr.sys
+ Srv Srv Microsoft Corporation c:\windows\system32\drivers\srv.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdpipe.sys
+ TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdtcp.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP EnTech Taiwan c:\windows\system32\drivers\tvichw32.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ usbohci OHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbohci.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ Vmodem HSP Modem Modem Device Driver PCTEL, INC. c:\windows\system32\drivers\vmodem.sys
+ VolSnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\drivers\volsnap.sys
+ Vpctcom HSP Modem Virtual Control Device PCtel, Inc. c:\windows\system32\drivers\vpctcom.sys
+ Vvoice HSP Modem device driver PCtel, Inc. c:\windows\system32\drivers\vvoice.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI Microsoft Corporation c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\System32\logon.scr Logon Screen Saver Microsoft Corporation c:\windows\system32\logon.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
+ 000000000001 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000002 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000003 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000004 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ 000000000005 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ 000000000006 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000007 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000008 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000009 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000010 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ 000000000011 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ Network Location Awareness (NLA) Namespace Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ NTDS LDAP RnR Provider DLL Microsoft Corporation c:\windows\system32\winrnr.dll
+ Tcpip Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ digest.dll Digest SSPI Authentication Package Microsoft Corporation c:\windows\system32\digest.dll
+ msapsspc.dll DPA Client for 32 bit platforms Microsoft Corporation c:\windows\system32\msapsspc.dll
+ msnsspc.dll MSN Internet Access Microsoft Corporation c:\windows\system32\msnsspc.dll
+ schannel.dll TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll
+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\windows\system32\ntlanman.dll
+ RDPNP Microsoft Terminal Services Microsoft Corporation c:\windows\system32\drprov.dll
+ WebClient Web Client Network Microsoft Corporation c:\windows\system32\davclnt.dll

I followed the preparation instructions, and hope I did this right. I don't have Kaspersky, but I included my autoruns scan. Thank you, and I'll await your response. Currently, I can still use my pc, but I won't and will wait patiently. thanks again.
Sincerely,
Deb

Attached Files


Edited by dohaver, 29 April 2009 - 02:25 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:00 AM

Posted 11 May 2009 - 10:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:00 AM

Posted 19 May 2009 - 03:54 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users