
Removing WebWatcher Help


  • This topic is locked
40 replies to this topic

#1 Madkool


Posted 06 December 2009 - 10:54 AM

I need help removing WebWatcher, which was put on my machine without my consent. I fear it will be used to collect my credit card info and personal information. I believe a ROOTKIT is involved, making this a malware infection. My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:23 AM, on 12/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\kfcxufx\atisvc_dsdshfs.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: atisvc_dsdshfs - Unknown owner - C:\Windows\system32\kfcxufx\atisvc_dsdshfs.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 10732 bytes

Edited by Madkool, 06 December 2009 - 10:55 AM.




#2 m0le

  • Malware Response Team

Posted 19 December 2009 - 06:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 m0le


Posted 24 December 2009 - 05:41 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#4 m0le


Posted 03 February 2010 - 07:05 PM

Reopened at user's request

------------------------------------------

Please run the DDS and RootRepeal scans as above.

Thanks :(

#5 Madkool


Posted 03 February 2010 - 07:49 PM

Thank you for your assistance, m0le =) The two requested logs are below. Do you need me to rerun an HJT scan again as well? Some of the problems I'm having are blocked websites (this website was even blocked for a while), email and messengers not opening, slow internet speed, and my spouse somehow getting access to old chat logs. I have since gotten a new hard drive, but the same problems have begun occurring again as of this evening, when he was left alone with my computer.



DDS (Ver_09-12-01.01) - NTFSx86
Run by ben at 18:32:34.79 on Wed 02/03/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1698 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\kfcxufx\atisvc_dsdshfs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\kfcxufx\atisvc_dsdshfs.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\kfcxufx\atisvc_dsdshfs.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ben\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\jgiq8bx7.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2010-1-28 81920]
R2 atisvc_dsdshfs;atisvc_dsdshfs;c:\windows\system32\kfcxufx\atisvc_dsdshfs.exe [2010-2-3 441326]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-2-3 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-3 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-3 144704]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-2-3 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-3 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-3 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-3 40552]
S2 0061391265214347mcinstcleanup;McAfee Application Installer Cleanup (0061391265214347);c:\users\ben\appdata\local\temp\006139~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\ben\appdata\local\temp\006139~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-3 34248]

=============== Created Last 30 ================

2010-02-03 21:56:07 0 d-----w- c:\program files\TrendMicro
2010-02-03 16:28:01 6956 ----a-w- c:\windows\system32\Config.MPF
2010-02-03 16:27:33 0 d-----w- c:\programdata\SiteAdvisor
2010-02-03 16:25:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-03 16:25:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-03 16:25:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-03 16:25:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-02-03 16:25:33 0 d-----w- c:\program files\common files\McAfee
2010-02-03 16:25:32 0 d-----w- c:\program files\McAfee.com
2010-02-03 16:23:28 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-03 16:13:06 0 d-----w- c:\program files\Citrix
2010-02-03 16:13:00 61224 ----a-w- c:\users\ben\GoToAssistDownloadHelper.exe
2010-02-03 15:56:21 0 d-----w- c:\programdata\McAfee Anti-Theft
2010-02-03 15:55:47 0 d-----w- c:\program files\McAfee
2010-02-03 15:55:46 0 d-----w- c:\users\ben\appdata\roaming\McAfee
2010-02-03 15:52:52 0 d-----w- c:\programdata\McAfee
2010-02-03 15:18:15 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-02-03 15:18:15 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-02-03 15:18:15 402 ----a-w- c:\windows\system32\msxml4.inf
2010-02-03 15:18:15 1233920 ----a-w- c:\windows\system32\msxml4.dll
2010-02-03 15:18:09 0 d-----w- c:\windows\system32\kfcxufx
2010-01-31 08:58:21 0 d-----w- c:\program files\Windows Portable Devices
2010-01-31 08:58:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-31 03:08:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-30 02:24:29 0 d-----w- c:\windows\system32\eu-ES
2010-01-30 02:24:29 0 d-----w- c:\windows\system32\ca-ES
2010-01-30 02:24:28 0 d-----w- c:\windows\system32\vi-VN
2010-01-30 01:59:13 0 d-----w- c:\windows\system32\EventProviders
2010-01-30 01:57:59 37376 ----a-w- c:\windows\system32\EhStorPwdMgr.dll
2010-01-30 01:56:49 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-01-30 01:56:49 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-01-30 01:56:49 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-01-30 01:56:49 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-01-30 01:56:49 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-01-30 01:56:49 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-01-30 01:56:49 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-01-30 01:56:47 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-01-30 01:56:42 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-01-30 01:56:42 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-01-30 01:56:35 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-01-30 01:44:17 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-30 01:29:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-30 01:27:56 0 d-----w- c:\users\ben\Tracing
2010-01-30 01:26:02 243712 ----a-w- c:\windows\system32\rastls.dll
2010-01-30 01:20:09 0 d-----w- c:\program files\Microsoft
2010-01-30 01:19:42 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-30 01:19:13 0 d-----w- c:\windows\PCHEALTH
2010-01-30 01:18:08 0 d-----w- c:\program files\common files\Windows Live
2010-01-30 01:17:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-30 01:17:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-30 01:17:20 0 d-----w- c:\program files\iPod
2010-01-30 01:17:18 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-30 01:17:18 0 d-----w- c:\program files\iTunes
2010-01-30 01:13:40 0 d-----w- c:\program files\Bonjour
2010-01-30 01:13:12 0 d-----w- c:\programdata\Apple Computer
2010-01-30 01:11:50 0 d-----w- c:\programdata\Apple
2010-01-30 01:05:12 0 d-----w- c:\program files\Wide Angle Software
2010-01-30 00:32:38 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-30 00:32:31 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-30 00:32:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-30 00:32:27 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-30 00:30:46 0 d-----w- c:\programdata\Dell
2010-01-29 23:57:30 0 d-sh--we c:\programdata\Documents
2010-01-29 23:57:30 0 d-sh--we C:\Documents and Settings
2010-01-29 23:33:04 0 d-----w- c:\windows\system32\ENU
2010-01-29 23:33:03 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2010-01-29 23:32:58 0 d-----w- C:\Intel
2010-01-29 23:31:12 0 d-----w- c:\program files\Cisco
2010-01-29 23:30:15 0 d-----w- c:\program files\Dell
2010-01-29 23:30:07 0 d-----w- c:\program files\Dell Inc
2010-01-29 23:23:55 65536 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
2010-01-29 23:23:55 196608 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.perf
2010-01-29 23:23:55 102432768 ----a-w- c:\windows\ocsetup_install_OEMHelpCustomization.etl
2010-01-29 23:21:07 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-01-29 23:21:07 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-01-29 23:21:07 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-01-29 23:18:43 993816 ----a-w- c:\windows\system32\igxpun.exe
2010-01-29 23:18:43 0 d-----w- c:\windows\system32\x64
2010-01-29 23:18:43 0 d-----w- c:\windows\system32\Lang
2010-01-29 23:18:42 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-01-29 17:12:56 773890 ----a-w- c:\windows\system32\oem6.inf
2010-01-29 17:11:59 0 d-----w- c:\program files\IDT
2010-01-29 17:10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-29 00:29:39 5392 ---ha-r- C:\dell.sdr
2010-01-29 00:29:24 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2010-01-29 00:29:24 62976 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2010-01-29 00:29:23 317976 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-29 00:29:05 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-01-29 00:29:05 4157440 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-01-29 00:29:05 3850240 ----a-w- c:\windows\system32\bcmihvui.dll
2010-01-29 00:29:05 1331192 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-01-29 00:29:02 630784 ----a-w- c:\windows\system32\ykx32coinst.dll
2010-01-29 00:29:02 304128 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2010-01-29 00:28:59 192048 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-29 00:28:59 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-01-29 00:28:59 107622 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-29 00:28:59 0 d-----w- c:\program files\DellTPad
2010-01-29 00:28:52 835072 ----a-w- c:\windows\system32\stapo.dll
2010-01-29 00:28:52 432128 ----a-w- c:\windows\system32\stapi32.dll
2010-01-29 00:28:52 404992 ----a-w- c:\windows\system32\stcplx.dll
2010-01-29 00:28:52 398336 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-01-29 00:28:52 171520 ----a-w- c:\windows\system32\st326162.dll
2010-01-29 00:27:33 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-01-29 00:27:33 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-01-29 00:27:33 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-01-29 00:27:33 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-01-29 00:27:33 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-01-29 00:27:33 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-01-29 00:27:33 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-01-29 00:25:14 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-29 00:24:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-29 00:24:21 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-29 00:23:48 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-01-29 00:23:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-01-29 00:23:48 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-01-29 00:23:17 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-29 00:22:24 98816 ----a-w- c:\windows\system32\mfps.dll
2010-01-29 00:22:24 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-01-29 00:22:24 2868224 ----a-w- c:\windows\system32\mf.dll
2010-01-29 00:22:24 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-01-29 00:22:24 2048 ----a-w- c:\windows\system32\mferror.dll
2010-01-29 00:21:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-29 00:21:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-01-29 00:19:51 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-01-29 00:19:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-29 00:19:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-29 00:19:24 23552 ----a-w- c:\windows\system32\lpk.dll
2010-01-29 00:19:24 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-29 00:18:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-29 00:18:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-29 00:18:55 1696768 ----a-w- c:\windows\system32\gameux.dll
2010-01-29 00:15:13 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-01-29 00:13:34 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-01-29 00:13:34 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-29 00:13:34 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-01-29 00:11:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-29 00:11:01 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-29 00:11:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-29 00:11:00 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-01-29 00:11:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-29 00:08:21 623616 ----a-w- c:\windows\system32\localspl.dll
2010-01-29 00:07:56 9728 ----a-w- c:\windows\system32\lsass.exe
2010-01-29 00:07:56 72704 ----a-w- c:\windows\system32\secur32.dll
2010-01-29 00:07:56 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-29 00:07:56 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-29 00:07:56 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-01-29 00:07:56 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-01-29 00:06:39 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-29 00:06:39 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-29 00:06:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-29 00:05:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-01-29 00:05:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-29 00:05:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-01-29 00:05:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-01-29 00:05:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-01-29 00:05:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-01-29 00:05:21 17920 ----a-w- c:\windows\system32\netevent.dll
2010-01-29 00:05:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-01-29 00:05:21 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-01-29 00:05:21 10240 ----a-w- c:\windows\system32\finger.exe
2010-01-29 00:05:20 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-01-29 00:04:36 71680 ----a-w- c:\windows\system32\atl.dll
2010-01-29 00:04:13 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-29 00:03:50 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-01-29 00:03:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-01-29 00:03:50 196608 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-29 00:03:50 15872 ----a-w- c:\windows\system32\hcrstco.dll
2010-01-29 00:03:49 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-29 00:03:49 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-01-29 00:03:49 226816 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-01-29 00:03:03 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-01-29 00:01:52 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2010-01-28 23:57:59 0 d-----w- c:\windows\system32\oem
2010-01-28 23:57:58 0 d-----w- C:\Drivers
2010-01-28 23:51:25 0 d-----w- C:\DELL
2010-01-06 00:04:02 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys

==================== Find3M ====================

2010-02-03 16:20:05 174 --sha-w- c:\program files\desktop.ini
2010-01-31 08:58:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-31 08:58:18 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-31 08:58:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-31 08:58:18 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-30 02:08:58 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-29 17:11:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-29 00:00:06 5392 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-12-18 13:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44:23 834048 ----a-w- c:\windows\system32\wininet.dll
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:33:28.44 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 18:37
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8D000000 Size: 851968 File Visible: No Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8E2B9000 Size: 36864 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x89C04000 Size: 1114112 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA9570000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f1560ea-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{352d0433-10d1-11df-a40d-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f155fe1-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f156054-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f1560ba-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f1560c0-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f156233-0d36-11df-aa35-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6c98bdc6-0d31-11df-80b0-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7fab65f6-0d3f-11df-b455-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7fab65fc-0d3f-11df-b455-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7fab6623-0d3f-11df-b455-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a807a0b2-110c-11df-8743-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b6883251-10dd-11df-aa18-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c6ede7ce-0d46-11df-acb2-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e18d92b2-0e12-11df-a57f-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f89ac4b1-0f79-11df-99cb-00256447277d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Reports\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\534cf013667c78b2ecf44e00183c95e4c2336f1e150a38452cd7e61ec2a73bfc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\1154a0dd8ec7062351d700a2d07b3bb5154c840bfc84077d20f6947d1e08bb6f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.management_b03f5f7f11d50a3a_6.0.6001.18111_none_1f365af40c6b87d4\$$DeleteMe.System.Management.dll.01caa15362dcdada.00bd
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.runtime.remoting_b77a5c561934e089_6.0.6001.18111_none_c59556ea4531dbde\$$DeleteMe.System.Runtime.Remoting.dll.01caa153630a14fa.00be
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162\$$DeleteMe.SmartcardCredentialProvider.dll.01caa1535e17b97a.006e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\$$DeleteMe.apphelp.dll.01caa153603ff87a.0095
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\$$DeleteMe.AcLayers.dll.01caa1535bda0e1a.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_18897833b0d4ef97\$$DeleteMe.advapi32.dll.mui.01caa153625eb1fa.00bb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\$$DeleteMe.atl.dll.01caa1535e1edd9a.0070
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01caa153601ea53a.008c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\$$DeleteMe.Query.dll.01caa1535d8b485a.0053
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\$$DeleteMe.diagperf.dll.01caa15360980b5a.00a6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.0.6001.18000_none_d77db57c3ca78826\$$DeleteMe.certcli.dll.01caa1535cfed73a.003d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\$$DeleteMe.cmiv2.dll.01caa153618614da.00b7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\$$DeleteMe.rpcss.dll.01caa1536019e27a.008a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\$$DeleteMe.umpnpmgr.dll.01caa153605eea5a.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\$$DeleteMe.comdlg32.dll.01caa1535cfed73a.003e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\$$DeleteMe.credui.dll.01caa1535bf1dbda.000b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\$$DeleteMe.crypt32.dll.01caa1535e2d25da.0076
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\$$DeleteMe.cryptsvc.dll.01caa1535d24ed3a.0044
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_85ee5b5e98235317\$$DeleteMe.cryptui.dll.01caa1535dc6caba.005d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\$$DeleteMe.uxsms.dll.01caa15360497dfa.0098
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc.dll.01caa1536053037a.009a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc6.dll.01caa1535bfdc2ba.000f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samlib.dll.01caa1535d86859a.0052
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samsrv.dll.01caa1535c3ba67a.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\$$DeleteMe.feclient.dll.01caa15360660e7a.009f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\$$DeleteMe.wersvc.dll.01caa1535e1c7c3a.006f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507\$$DeleteMe.httpapi.dll.01caa1536038d45a.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18385_none_b4919f9fd7064103\$$DeleteMe.urlmon.dll.01caa1535e5cc15a.007d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\$$DeleteMe.imm32.dll.01caa1535c961aba.0029
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\$$DeleteMe.kernel32.dll.01caa1535c93b95a.0028
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\$$DeleteMe.Wldap32.dll.01caa1535d8da9ba.0054
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsasrv.dll.01caa153597189fa.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsass.exe.01caa153596cc73a.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.secur32.dll.01caa1535978ae1a.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\$$DeleteMe.MMDevAPI.dll.01caa15360803d9a.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01caa1535bf43d3a.000e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\$$DeleteMe.mpr.dll.01caa1535d0f80da.0041
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.18326_none_c74a7d60a56c2a8c\$$DeleteMe.msasn1.dll.01caa1535e04ae7a.006a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\$$DeleteMe.adtschema.dll.01caa1535e23a05a.0073
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\$$DeleteMe.msvcrt.dll.01caa1535d606f9a.004e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\$$DeleteMe.msxml3.dll.01caa153601ea53a.008b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\$$DeleteMe.FwRemoteSvr.dll.01caa1535dbd453a.005b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.FwRemoteSvr.dll.01caa1535dbd453a.005b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01caa1535d48a1da.004b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\$$DeleteMe.NaturalLanguage6.dll.01caa1536071f55a.00a2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\$$DeleteMe.cscapi.dll.01caa1536050a21a.0099
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6001.18000_none_bd002a8dfb7a3328\$$DeleteMe.oleaut32.dll.01caa1535cc5b63a.0031
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-onex_31bf3856ad364e35_6.0.6001.18000_none_a5cb1bed1d5ba052\$$DeleteMe.onex.dll.01caa1535c09a99a.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_58d6de41fc2dac16\$$DeleteMe.ntdll.dll.01caa153596a65da.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18247_none_2ff7241d92c8344e\$$DeleteMe.localspl.dll.01caa153604259da.0096
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.18005_none_95196f2b15cf9bd2\$$DeleteMe.winspool.drv.01caa25389e59430.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6001.18000_none_fbb1576d32ad0ba9\$$DeleteMe.profsvc.dll.01caa1535e4e791a.007a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\$$DeleteMe.propsys.dll.01caa1535c987c1a.002a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\$$DeleteMe.spoolsv.exe.01caa15360282aba.008f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6001.18000_none_6d377f6a4f85327c\$$DeleteMe.rasapi32.dll.01caa1535c17f1da.0015
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18336_none_12a49aaf775f5a38\$$DeleteMe.raschap.dll.01caa1535cbc30ba.002f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.18136_none_9ea32a1fa0bb6c5d\$$DeleteMe.rasmans.dll.01caa1535e0e33fa.006d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasdlg_31bf3856ad364e35_6.0.6001.18000_none_6d133c0e4fa0edb1\$$DeleteMe.rasdlg.dll.01caa1535bf43d3a.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18336_none_6c4ac3985036c39f\$$DeleteMe.rastls.dll.01caa1535db3bfba.005a
Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31b

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1248 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 1956, Type: UnknownType]
Process: csrss.exe (PID: 572) Address: 0x85614978 Size: -

==EOF==

Edited by Madkool, 03 February 2010 - 08:17 PM.


#6 m0le

Posted 04 February 2010 - 06:36 PM

Thanks for the logs.

There's absolutely nothing on them that should be causing the symptoms you describe. I would like to just test a couple of scanners to see if they catch anything.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :(

#7 Madkool

Posted 04 February 2010 - 08:56 PM

I read this article (http://www.removeadware.com.au/articles/webwatcher/) and was wondering if I should run a scan from the website they suggested as well?

I ran the scans you suggested and got the following results;

The ESET scanner is not giving me an export to text file option, since it says no threats were found. Unless I'm not seeing it somewhere?

The Malware Bytes scan came up clean as well, but here is the log it produced
Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

2/4/2010 7:55:47 PM
mbam-log-2010-02-04 (19-55-47).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 209650
Time elapsed: 2 hour(s), 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Madkool, 04 February 2010 - 08:58 PM.


#8 m0le

Posted 05 February 2010 - 06:09 PM

WebWatcher looks like an interesting program: designed to hide from children so they don't remove it, it takes on a rootkit-like presence.

There are some tools that we can run to locate if the process is running so let's try one.

Please download and run Process Explorer

If Process Explorer won't execute, rename it Iexplore.exe

Under File and Save As, create a log and post here

Copy and paste the log into your next reply

#9 Madkool

Posted 05 February 2010 - 06:42 PM

Process PID CPU Description Company Name
System Idle Process 0 78.54
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 0.77
smss.exe 492
csrss.exe 572
wininit.exe 616
services.exe 660
svchost.exe 876 8.47
mcagent.exe 3824 McAfee Integrated Security Platform McAfee, Inc.
igfxsrvc.exe 908 igfxsrvc Module Intel Corporation
WmiPrvSE.exe 4368
svchost.exe 936
svchost.exe 976
svchost.exe 1068
audiodg.exe 1260
svchost.exe 1124
wlanext.exe 1724
dwm.exe 3916 0.77 Desktop Window Manager Microsoft Corporation
svchost.exe 1164
taskeng.exe 3064
taskeng.exe 3912 Task Scheduler Engine Microsoft Corporation
stacsv.exe 1204
SLsvc.exe 1308
svchost.exe 1376
svchost.exe 1532
WLTRYSVC.EXE 1704
BCMWLTRY.EXE 1716
spoolsv.exe 1852
svchost.exe 1876
AEstSrv.exe 516
AppleMobileDeviceService.exe 552
atisvc_dsdshfs.exe 12 0.77
atisvc_dsdshfs.exe 3020 3.85
iexplore.exe 1096 Internet Explorer Microsoft Corporation
atisvc_dsdshfs.exe 3496
mDNSResponder.exe 560
IAANTmon.exe 884
McProxy.exe 1556
Mcshield.exe 512
MpfSrv.exe 2108
msksrver.exe 2272
svchost.exe 2328
svchost.exe 2444
svchost.exe 2492
SearchIndexer.exe 2524
SearchProtocolHost.exe 5820
SearchFilterHost.exe 332
rundll32.exe 2668 2.31
mcmscsvc.exe 2772
mcsysmon.exe 2188
McNASvc.exe 2200
iPodService.exe 4972
McSACore.exe 5264
lsass.exe 672
lsm.exe 680
csrss.exe 624
winlogon.exe 792
rundll32.exe 2208
explorer.exe 2412 0.77 Windows Explorer Microsoft Corporation
MSASCui.exe 3568 Windows Defender User Interface Microsoft Corporation
Apoint.exe 3616 Alps Pointing-device Driver Alps Electric Co., Ltd.
ApMsgFwd.exe 4376
hidfind.exe 4544 Alps Pointing-device Driver Alps Electric Co., Ltd.
igfxtray.exe 1752 igfxTray Module Intel Corporation
hkcmd.exe 836 hkcmd Module Intel Corporation
igfxpers.exe 3344 persistence Module Intel Corporation
WLTRAY.EXE 2144 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
quickset.exe 156 QuickSet Dell Inc.
IAAnotif.exe 2904 Event Monitor User Notification Tool Intel Corporation
iTunesHelper.exe 3732 iTunesHelper Apple Inc.
jusched.exe 3796 Java™ Platform SE binary Sun Microsystems, Inc.
sttray.exe 1104 IDT PC Audio IDT, Inc.
McPvTray.exe 1112 McAfee Anti-Theft Tray McAfee
sidebar.exe 1028 Windows Sidebar Microsoft Corporation
procexp.exe 6044 2.31 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ApntEx.exe 4612 1.54 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
firefox.exe 4768 Firefox Mozilla Corporation

#10 m0le

Posted 06 February 2010 - 09:04 PM

Let's run a more detailed search with Autoruns

Download Autoruns

http://download.sysinternals.com/Files/Autoruns.zip
  • Extract the Autoruns Zip file contents to a folder.
  • Double-click the "Autoruns.exe".
  • Click on the "Everything" tab
  • Remove any entries that mention "File Not Found" by right-clicking the entry and select Delete.
  • Go to File then to Export As.
  • Save AutoRuns.txt file to the desktop.
  • Attach to your next reply.

m0le is a proud member of UNITE
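
One way to triage the Autoruns text export requested above, as an added example that is not part of the original post: it parses the quoted four-field layout seen in the log posted in this thread and lists entries with a missing image file, no publisher, or a publisher outside a reviewer-supplied list. The `X` marker for disabled entries, the `File not found:` path text, the expected-publisher set and the `Example*` entries are assumptions made for the sample.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location enabled name description publisher image_path")

# Constructed sample in the export layout shown in this thread. The first five
# lines are copied from the posted log; the remaining lines are constructed.
SAMPLE_EXPORT = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "ExampleUpdater" "" "" "File not found: c:\example\updater.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ExampleAgent" "" "" "c:\example\agent.exe"
X "ExampleDisabled" "Example tool" "Example Vendor" "c:\example\tool.exe"
'''

# Publishers the reviewer expects on this machine (an assumption for the sample).
EXPECTED_PUBLISHERS = {"Microsoft Corporation", "Alps Electric Co., Ltd."}

# Optional one-character marker ("+" enabled; "X" assumed to mean disabled),
# followed by the run of double-quoted fields.
LINE_RE = re.compile(r'^([^"\s])?\s*(".*")\s*$')
FIELD_RE = re.compile(r'"([^"]*)"')


def parse_export(text):
    """Return Entry tuples, each tagged with the autostart location above it."""
    entries, location = [], None
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank or unrecognised line
        marker, rest = match.groups()
        fields = FIELD_RE.findall(rest)
        if len(fields) != 4:
            continue  # not the four-field layout this parser handles
        if marker is None:
            # Header line: the registry or folder location, three empty fields.
            location = fields[0]
            continue
        entries.append(Entry(location, marker == "+", *fields))
    return entries


def triage(entries, expected_publishers):
    """Return (entry, reasons) pairs for entries that deserve a manual look."""
    expected = {p.lower() for p in expected_publishers}
    findings = []
    for entry in entries:
        reasons = []
        if "file not found" in entry.image_path.lower():
            reasons.append("image file not found")
        if not entry.publisher:
            reasons.append("no publisher")
        elif entry.publisher.lower() not in expected:
            reasons.append("publisher not on expected list")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_export(SAMPLE_EXPORT), EXPECTED_PUBLISHERS):
        state = "enabled" if entry.enabled else "disabled"
        print(f"{entry.location}\n  {entry.name} ({state}): {', '.join(reasons)}")
        print(f"  image: {entry.image_path}")
```

A publisher string in the export comes from the file's version information unless signature verification was enabled in Autoruns, so a match against the expected list narrows the review rather than clearing an entry.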

#11 Madkool

Posted 06 February 2010 - 11:00 PM

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
+ "C:\Windows\system32\userinit.exe" "Userinit Logon Application" "Microsoft Corporation" "c:\windows\system32\userinit.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
+ "explorer.exe" "Windows Explorer" "Microsoft Corporation" "c:\windows\explorer.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "mcagent_exe" "McAfee Integrated Security Platform" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "McENUI" "EasyNetwork User Interface" "McAfee, Inc." "c:\program files\mcafee\mhn\mcenui.exe"
+ "McPvTray" "McAfee Anti-Theft Tray" "McAfee" "c:\program files\mcafee\anti-theft\mcpvtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/octet-stream" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "application/x-complus" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "application/x-msdownload" "Microsoft .NET Runtime Execution Engine" "Microsoft Corporation" "c:\windows\system32\mscoree.dll"
+ "deflate" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "gzip" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "about" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "cdl" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "dvd" "ActiveX control for streaming video" "Microsoft Corporation" "c:\windows\system32\msvidctl.dll"
+ "file" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "ftp" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "gopher" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "http" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "https" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "its" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\windows\system32\itss.dll"
+ "javascript" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "local" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "mailto" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "mhtml" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "mk" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "ms-its" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\windows\system32\itss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "res" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "tv" "ActiveX control for streaming video" "Microsoft Corporation" "c:\windows\system32\msvidctl.dll"
+ "vbscript" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Browser Customizations" "IEAK branding" "Microsoft Corporation" "c:\windows\system32\iedkcs32.dll"
+ "Internet Explorer" "IE Per-User Initialization Utility" "Microsoft Corporation" "c:\windows\system32\ie4uinit.exe"
+ "Internet Explorer" "IE Per-User Initialization Utility" "Microsoft Corporation" "c:\windows\system32\ie4uinit.exe"
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
+ "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "Microsoft Corporation" "c:\windows\system32\unregmp2.exe"
+ "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "Microsoft Corporation" "c:\windows\system32\unregmp2.exe"
+ "n/a" "Microsoft .NET IE SECURITY REGISTRATION" "Microsoft Corporation" "c:\windows\system32\mscories.dll"
+ "Themes Setup" "Windows Theme API" "Microsoft Corporation" "c:\windows\system32\themeui.dll"
+ "Windows Desktop Update" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "Component Categories cache daemon" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "WebCheck" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "BriefcaseMenu" "Windows Briefcase" "Microsoft Corporation" "c:\windows\system32\syncui.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
+ "Open With" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Open With EncryptionMenu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "Start Menu Pin" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "CopyAsPathMenu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Send To" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EncryptionMenu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "DfsShell Class" "Distributed File System shell extension" "Microsoft Corporation" "c:\windows\system32\dfsshlex.dll"
+ "Folder Customization Tab" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "MyFolder menu and properties" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "Security Shell Extension" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileSystem" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "BriefcaseMenu" "Windows Briefcase" "Microsoft Corporation" "c:\windows\system32\syncui.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "New" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnhancedStorageShell" "Windows Enhanced Storage Shell Extension" "Microsoft Corporation" "c:\windows\system32\ehstorshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" "" "" ""
+ "&Address" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "&Links" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ ".CAB file viewer" "Cabinet File Viewer Shell Extension" "Microsoft Corporation" "c:\windows\system32\cabview.dll"
+ ".contact shell extension handler" "Microsoft ® Contacts DLL" "Microsoft Corporation" "c:\program files\common files\system\wab32.dll"
+ ".cpl, .dll, .exe, .ocx, .rll or .sys files" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ ".fon, .otf, .ttc or .ttf files" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ ".group shell extension handler" "Microsoft ® Contacts DLL" "Microsoft Corporation" "c:\program files\common files\system\wab32.dll"
+ "ActiveX Cache Folder" "Object Control Viewer" "Microsoft Corporation" "c:\windows\system32\occache.dll"
+ "Add New Hardware" "Add Hardware Wizard" "Microsoft Corporation" "c:\windows\system32\hdwwiz.exe"
+ "Address EditBox" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Administrative Tools" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Alphabetical Categorizer" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Audio Media Properties Handler" "Media Metadata Handler" "Microsoft Corporation" "c:\windows\system32\mediametadatahandler.dll"
+ "AutoPlay" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Backup and Restore Center" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "BandProxy" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Briefcase" "Windows Briefcase" "Microsoft Corporation" "c:\windows\system32\syncui.dll"
+ "Client application shell extension" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Client Side Cache Namespace Extension" "MSSearch Vista Platform" "Microsoft Corporation" "c:\windows\system32\mssvp.dll"
+ "Code Download Agent" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Color Control Panel Applet" "Microsoft Color Control Panel" "Microsoft Corporation" "c:\windows\system32\colorcpl.exe"
+ "Command Folder" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Common Places Folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Compatibility Property Page" "Compatibility Tab Shell Extension Library" "Microsoft Corporation" "c:\windows\system32\acppage.dll"
+ "Compressed (zipped) Folder" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder Context Menu" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder Drop Handler" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder Right Drag Handler" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Compressed (zipped) Folder SendTo Target" "Compressed (zipped) Folders" "Microsoft Corporation" "c:\windows\system32\zipfldr.dll"
+ "Computers and Devices" "Network Explorer" "Microsoft Corporation" "c:\windows\system32\networkexplorer.dll"
+ "contact_wab_auto_file" "Microsoft ® Contacts DLL" "Microsoft Corporation" "c:\program files\common files\system\wab32.dll"
+ "Control Panel" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Control Panel command object for Start menu" "Windows Control Panel" "Microsoft Corporation" "c:\windows\system32\control.exe"
+ "Crypto PKO Extension" "Crypto Shell Extensions" "Microsoft Corporation" "c:\windows\system32\cryptext.dll"
+ "Crypto Sign Extension" "Crypto Shell Extensions" "Microsoft Corporation" "c:\windows\system32\cryptext.dll"
+ "Custom MRU AutoCompleted List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Darwin App Publisher" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Default Programs command object for Start menu" "Windows Control Panel" "Microsoft Corporation" "c:\windows\system32\control.exe"
+ "Desktop Shortcut" "Send Mail" "Microsoft Corporation" "c:\windows\system32\sendmail.dll"
+ "Device Manager" "Device Manager MMC Snapin" "Microsoft Corporation" "c:\windows\system32\devmgr.dll"
+ "DfsShell.DfsShell Property Sheet" "Distributed File System shell extension" "Microsoft Corporation" "c:\windows\system32\dfsshlex.dll"
+ "Directory Context Menu Verbs" "Directory Service Common UI" "Microsoft Corporation" "c:\windows\system32\dsuiext.dll"
+ "Directory Object Find" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Directory Property UI" "Directory Service Common UI" "Microsoft Corporation" "c:\windows\system32\dsuiext.dll"
+ "Directory Query UI" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Directory Start/Search Find" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Disk Copy Extension" "Windows DiskCopy" "Microsoft Corporation" "c:\windows\system32\diskcopy.dll"
+ "Disk Quota UI" "Windows Shell Disk Quota UI DLL" "Microsoft Corporation" "c:\windows\system32\dskquoui.dll"
+ "Display Adapter CPL Extension" "Advanced display adapter properties" "Microsoft Corporation" "c:\windows\system32\deskadp.dll"
+ "Display Monitor CPL Extension" "Advanced display monitor properties" "Microsoft Corporation" "c:\windows\system32\deskmon.dll"
+ "Display TroubleShoot CPL Extension" "Advanced display performance properties" "Microsoft Corporation" "c:\windows\system32\deskperf.dll"
+ "DropTarget Object for Photo Printing Wizard" "Photo Printing Wizard" "Microsoft Corporation" "c:\windows\system32\photowiz.dll"
+ "DS Security Page" "Directory Service Security UI" "Microsoft Corporation" "c:\windows\system32\dssec.dll"
+ "E-mail" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Ease of Access" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "EMDFileProperties" "ReadyBoost Service" "Microsoft Corporation" "c:\windows\system32\emdmgmt.dll"
+ "Enhanced Storage Data Source" "Windows Enhanced Storage Shell Extension" "Microsoft Corporation" "c:\windows\system32\ehstorshell.dll"
+ "Execute Folder" "ExplorerFrame" "Microsoft Corporation" "c:\windows\system32\explorerframe.dll"
+ "Explorer Browser" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Explorer Navigation Bar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Explorer Search Band" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Explorer Travel Band" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Extensions Manager Folder" "Extensions Manager" "Microsoft Corporation" "c:\windows\system32\extmgr.dll"
+ "File Backup Index" "Microsoft® Windows Backup Shell Extension" "Microsoft Corporation" "c:\windows\system32\sdshext.dll"
+ "File Open Dialog" "Common Dialogs DLL" "Microsoft Corporation" "c:\windows\system32\comdlg32.dll"
+ "File Save Dialog" "Common Dialogs DLL" "Microsoft Corporation" "c:\windows\system32\comdlg32.dll"
+ "Folder Options" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Fonts" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "For &People..." "Find People" "Microsoft Corporation" "c:\program files\windows mail\wabfind.dll"
+ "FTP Folders Webview" "Microsoft Internet Explorer FTP Folder Shell Extension" "Microsoft Corporation" "c:\windows\system32\msieftp.dll"
+ "Games Folder" "Games Explorer" "Microsoft Corporation" "c:\windows\system32\gameux.dll"
+ "GameUX.RichGameMediaThumbnail" "Games Explorer" "Microsoft Corporation" "c:\windows\system32\gameux.dll"
+ "Get Programs Online" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Global Folder Settings" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "group_wab_auto_file" "Microsoft ® Contacts DLL" "Microsoft Corporation" "c:\program files\common files\system\wab32.dll"
+ "Help and Support" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Help and Support" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "History" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "HTML Document" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "ICC Profile" "Microsoft Color Control Panel" "Microsoft Corporation" "c:\windows\system32\colorui.dll"
+ "ICM Monitor Management" "Microsoft Color Control Panel" "Microsoft Corporation" "c:\windows\system32\colorui.dll"
+ "ICM Printer Management" "Microsoft Color Control Panel" "Microsoft Corporation" "c:\windows\system32\colorui.dll"
+ "ICM Scanner Management" "Microsoft Color Control Panel" "Microsoft Corporation" "c:\windows\system32\colorui.dll"
+ "IE AutoComplete" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE BandProxy" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Custom MRU AutoCompleted List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Fade Task" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE IShellFolderBand" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Band" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Desk Bar" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Menu Site" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft BrowserBand" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft History AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft Multiple AutoComplete List Container" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Microsoft Shell Folder AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE MRU AutoComplete List" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Navigation Bar" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Registry Tree Options Utility" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE RSS Feeder Folder" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Search Band" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Shell Band Site Menu" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Shell Rebar BandSite" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE Tracking Shell Menu" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IE User Assist" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "IGD Property Sheet Handler" "Internet Gateway Device properties" "Microsoft Corporation" "c:\windows\system32\icsigd.dll"
+ "In-pane search" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Install New Programs" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Installed Updates" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Internet" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Internet Name Space" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "InternetShortcut" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "iSCSI Initiator" "Microsoft iSCSI Initiator Configuration Tool" "Microsoft Corporation" "c:\windows\system32\iscsicpl.exe"
+ "iTunes" "iTunes Mini Player DLL" "Apple Inc." "c:\program files\itunes\itunesminiplayer.dll"
+ "Layout Folder" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Mail Service" "Send Mail" "Microsoft Corporation" "c:\windows\system32\sendmail.dll"
+ "Manage Wireless Networks" "Wireless Preferred Networks" "Microsoft Corporation" "c:\windows\system32\wlanpref.dll"
+ "MAPI Search Namespace Extension" "MSSearch Vista Platform" "Microsoft Corporation" "c:\windows\system32\mssvp.dll"
+ "McAfee Vaults" "McAfee Anti-Theft" "McAfee" "c:\program files\mcafee\anti-theft\mcpvns.dll"
+ "Microsoft Agent Character Property Sheet Handler" "Microsoft Agent Property Sheet Handler" "Microsoft Corporation" "c:\windows\msagent\agentpsh.dll"
+ "Microsoft AutoComplete" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Breadcrumb Bar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Browser Architecture" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft BrowserBand" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft CommBand" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Data Link" "OLE DB Core Services" "Microsoft Corporation" "c:\program files\common files\system\ole db\oledb32.dll"
+ "Microsoft History AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Internet Toolbar" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Multiple AutoComplete List Container" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Power Options" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Microsoft Shell Folder AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Microsoft Url History Service" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft Url Search Hook" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft Web Browser" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Microsoft Windows Font File Context Menu Handler" "Windows Font Folder" "Microsoft Corporation" "c:\windows\system32\fontext.dll"
+ "Microsoft Windows Font File Icon Handler" "Windows Font Folder" "Microsoft Corporation" "c:\windows\system32\fontext.dll"
+ "Microsoft Windows Font Folder" "Windows Font Folder" "Microsoft Corporation" "c:\windows\system32\fontext.dll"
+ "Microsoft Windows Font Previewer" "Windows Font Folder" "Microsoft Corporation" "c:\windows\system32\fontext.dll"
+ "Microsoft Windows Mail Html Preview Handler" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "Microsoft Windows Mail Html Preview Handler" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "Microsoft Windows Mail Html Preview Handler" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "Microsoft Windows MAPI Preview Handler" "MSSearch Vista Platform" "Microsoft Corporation" "c:\windows\system32\mssvp.dll"
+ "Microsoft Windows RTF Preview Handler" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Microsoft XPS Properties" "Package Document Shell Extension Handler" "Microsoft Corporation" "c:\windows\system32\xpsshhdr.dll"
+ "Microsoft XPS Thumbnail" "Package Document Shell Extension Handler" "Microsoft Corporation" "c:\windows\system32\xpsshhdr.dll"
+ "Microsoft.ScannersAndCameras" "Imaging Devices Control Panel" "Microsoft Corporation" "c:\program files\windows photo gallery\imagingdevices.exe"
+ "MMC Icon Handler" "MMC Shell Extension DLL" "Microsoft Corporation" "c:\windows\system32\mmcshext.dll"
+ "Mobility Center Control Panel" "Windows Mobility Center" "Microsoft Corporation" "c:\windows\system32\mblctr.exe"
+ "MRU AutoComplete List" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "MSHTML Document" "Microsoft ® HTML Viewer" "Microsoft Corporation" "c:\windows\system32\mshtml.dll"
+ "MyDocs Drop Target" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "MyDocuments menu and properties" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "MyFolder Properties" "My Documents Folder UI" "Microsoft Corporation" "c:\windows\system32\mydocs.dll"
+ "nethood delegate folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Network and Sharing Center" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Network Connections" "Network Connections Shell" "Microsoft Corporation" "c:\windows\system32\netshell.dll"
+ "Network Connections" "Network Connections Shell" "Microsoft Corporation" "c:\windows\system32\netshell.dll"
+ "Network Explorer Property Sheet Handler" "Advanced network device properties" "Microsoft Corporation" "c:\windows\system32\ncdprop.dll"
+ "Network Map" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "New Shortcut Wizard" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "New Shortcut Wizard Modal" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "NTFS Security Page" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "Office Document Property Handler" "Microsoft Property System" "Microsoft Corporation" "c:\windows\system32\propsys.dll"
+ "OLE Docfile Property Page" "OLE DocFile Property Page" "Microsoft Corporation" "c:\windows\system32\docprop.dll"
+ "OlePrn.PrinterURL" "Oleprn DLL" "Microsoft Corporation" "c:\windows\system32\oleprn.dll"
+ "Parental Controls" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Performance Information and Tools" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Personalization CPL Provider" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "PhotoAcqDropTarget" "Photo Acquisition" "Microsoft Corporation" "c:\program files\windows photo gallery\photoacq.dll"
+ "PlusPack CPL Extension" "Windows Theme API" "Microsoft Corporation" "c:\windows\system32\themeui.dll"
+ "Portable Devices" "Portable Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\wpdshext.dll"
+ "Portable Devices Menu" "Portable Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\wpdshext.dll"
+ "Portable Media Devices" "Portable Media Devices Shell Extension" "Microsoft Corporation" "c:\windows\system32\audiodev.dll"
+ "Print Ordering via the Web" "Windows Shell Web Services" "Microsoft Corporation" "c:\windows\system32\shwebsvc.dll"
+ "Printers Security Page" "Security Shell Extension" "Microsoft Corporation" "c:\windows\system32\rshx32.dll"
+ "printhood delegate folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Problem Reports and Solutions" "Problem Reports and Solutions" "Microsoft Corporation" "c:\windows\system32\wercon.exe"
+ "Programs and Features" "Shell Application Manager" "Microsoft Corporation" "c:\windows\system32\appwiz.cpl"
+ "Programs Folder and Fast Items" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Property Labels" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Public Folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Registry Tree Options Utility" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Remote Sessions CPL Extension" "Remote Sessions CPL Extension" "Microsoft Corporation" "c:\windows\system32\remotepg.dll"
+ "RichGameMediaPropertyStore Class" "Games Explorer" "Microsoft Corporation" "c:\windows\system32\gameux.dll"
+ "Run..." "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Search" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Search Band" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Search Control" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Search Execute Command" "ExplorerFrame" "Microsoft Corporation" "c:\windows\system32\explorerframe.dll"
+ "Search Folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Search Folders" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Set Program Access and Defaults" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Set User Defaults" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Shell Band Site Menu" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell DeskBarApp" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "Shell DocObject Viewer" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Shell extensions for Microsoft Windows Network objects" "Network object shell UI" "Microsoft Corporation" "c:\windows\system32\ntlanui2.dll"
+ "Shell extensions for sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "Shell extensions for sharing" "Shell extensions for sharing" "Microsoft Corporation" "c:\windows\system32\ntshrui.dll"
+ "Shell extensions for Windows Script Host" "Microsoft ® Shell Extension for Windows Script Host" "Microsoft Corporation" "c:\windows\system32\wshext.dll"
+ "Shell Icon Handler for Application References" "Application Deployment Support Library" "Microsoft Corporation" "c:\windows\system32\dfshim.dll"
+ "Shell Message Handler" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\windows\system32\inetcomm.dll"
+ "Shell properties for a DS object" "Directory Service Find" "Microsoft Corporation" "c:\windows\system32\dsquery.dll"
+ "Shell Publishing Wizard Object" "Windows Shell Web Services" "Microsoft Corporation" "c:\windows\system32\shwebsvc.dll"
+ "Shell Rebar BandSite" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "ShellLink for Application References" "Application Deployment Support Library" "Microsoft Corporation" "c:\windows\system32\dfshim.dll"
+ "Shortcut" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Show Desktop" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Speech Recognition Options" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Start Menu OEM Command" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Subscription Folder" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Subscription Mgr" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Summary Info Thumbnail handler (DOCFILES)" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Sync Center Conflict Delegate Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Conflict Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Conflict Properties Extension" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Device Notification Sink" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Event Properties Extension" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Handler Properties Extension" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Item Properties Extension" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Center Simple Conflict Presenter" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Results Delegate Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Results Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Setup Delegate Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "Sync Setup Folder" "Microsoft Sync Center" "Microsoft Corporation" "c:\windows\system32\synccenter.dll"
+ "System" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Taskbar and Start Menu" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Temporary Internet Files" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Temporary Internet Files" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "The Internet" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
+ "Touch Band" "Microsoft Tablet PC Touch Input Component" "Microsoft Corporation" "c:\windows\system32\touchx.dll"
+ "Tree property value folder" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "User Accounts" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "User Accounts" "Advanced User Accounts Control Panel" "Microsoft Corporation" "c:\windows\system32\netplwiz.exe"
+ "User Assist" "Shell Browser UI Library" "Microsoft Corporation" "c:\windows\system32\browseui.dll"
+ "users files delegate folder" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Video Media Properties Handler" "Media Metadata Handler" "Microsoft Corporation" "c:\windows\system32\mediametadatahandler.dll"
+ "Video Thumbnail Extractor" "Media Metadata Handler" "Microsoft Corporation" "c:\windows\system32\mediametadatahandler.dll"
+ "View Available Networks" "View Available Networks" "Microsoft Corporation" "c:\windows\system32\van.dll"
+ "Web Printer Shell Extension" "Printer Settings User Interface" "Microsoft Corporation" "c:\windows\system32\printui.dll"
+ "Web Publishing Wizard" "Windows Shell Web Services" "Microsoft Corporation" "c:\windows\system32\shwebsvc.dll"
+ "WebCheck" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WebCheck SyncMgr Handler" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "WebCheckWebCrawler" "Web Site Monitor" "Microsoft Corporation" "c:\windows\system32\webcheck.dll"
+ "Welcome Center" "Welcome Center" "Microsoft Corporation" "c:\windows\system32\oobefldr.dll"
+ "Window Switcher" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Window TXT Preview Handler" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "Windows Anytime Upgrade" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
+ "Windows Contact Preview Handler" "Microsoft ® Contacts DLL" "Microsoft Corporation" "c:\program files\common files\system\wab32.dll"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
+ "Windows Defender IOfficeAntiVirus implementation" "IOfficeAntiVirus Module" "Microsoft Corporation" "c:\program files\windows defender\mpoav.dll"
+ "Windows Features" "Windows Features" "Microsoft Corporation" "c:\windows\system32\optionalfeatures.exe"
+ "Windows Firewall" "Windows Firewall Control Panel" "Microsoft Corporation" "c:\windows\system32\firewallcontrolpanel.exe"
+ "Windows gadget DropTarget" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "Windows Media Player" "Windows Media Player Deskband" "Microsoft Corporation" "c:\program files\windows media player\wmpband.dll"
+ "Windows Media Player Add to Playlist Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Burn Audio CD Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Play as Playlist Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Play as Playlist Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Media Player Shop Music Context Menu Handler" "Windows Media Player Launcher" "Microsoft Corporation" "c:\windows\system32\wmpshell.dll"
+ "Windows Photo Gallery Viewer Image Verbs" "Windows Photo Gallery" "Microsoft Corporation" "c:\program files\windows photo gallery\photoviewer.dll"
+ "Windows Photo Gallery Viewer Video Verbs" "Windows Photo Gallery" "Microsoft Corporation" "c:\program files\windows photo gallery\photoviewer.dll"
+ "Windows Sidebar Properties" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Wireless Devices" "Function Discovery Folder" "Microsoft Corporation" "c:\windows\system32\functiondiscoveryfolder.dll"
+ "WPL property store" "Shell Doc Object and Control Library" "Microsoft Corporation" "c:\windows\system32\shdocvw.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "McAfee Phishing Filter" "" "" "c:\program files\mcafee\msk\mskapbho.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\scriptsn.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Microsoft Url Search Hook" "Internet Explorer" "Microsoft Corporation" "c:\windows\system32\ieframe.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\Launch BCM WLAN Tray" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "\McDefragTask" "QuickClean Console Application" "McAfee, Inc." "c:\program files\mcafee\mqc\qcconsol.exe"
+ "\McQcTask" "QuickClean Console Application" "McAfee, Inc." "c:\program files\mcafee\mqc\qcconsol.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
X "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" "Windows Rights Management client" "Microsoft Corporation" "c:\windows\system32\msdrm.dll"
+ "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" "Windows Rights Management client" "Microsoft Corporation" "c:\windows\system32\msdrm.dll"
+ "\Microsoft\Windows\Bluetooth\UninstallDeviceTask" "Bluetooth Uninstall Device Task" "Microsoft Corporation" "c:\windows\system32\bthudtask.exe"
+ "\Microsoft\Windows\CertificateServicesClient\SystemTask" "DIMS Job DLL" "Microsoft Corporation" "c:\windows\system32\dimsjob.dll"
+ "\Microsoft\Windows\CertificateServicesClient\UserTask" "DIMS Job DLL" "Microsoft Corporation" "c:\windows\system32\dimsjob.dll"
+ "\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" "DIMS Job DLL" "Microsoft Corporation" "c:\windows\system32\dimsjob.dll"
+ "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" "Windows SQM Consolidator" "Microsoft Corporation" "c:\windows\system32\wsqmcons.exe"
+ "\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification" "Windows SQM Consolidator" "Microsoft Corporation" "c:\windows\system32\wsqmcons.exe"
+ "\Microsoft\Windows\Defrag\ScheduledDefrag" "Disk Defragmenter Module" "Microsoft Corp." "c:\windows\system32\defrag.exe"
+ "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" "Windows Disk Failure Diagnostic Module" "Microsoft Corporation" "c:\windows\system32\dfdts.dll"
X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" "Windows Disk Diagnostic User Resolver" "Microsoft Corporation" "c:\windows\system32\dfdwiz.exe"
+ "\Microsoft\Windows\MobilePC\HotStart" "Microsoft Windows HotStart User Agent" "Microsoft Corporation" "c:\windows\system32\hotstartuseragent.dll"
+ "\Microsoft\Windows\MobilePC\TMM" "Microsoft Transient Multi-Monitor Manager" "Microsoft Corporation" "c:\windows\system32\tmm.dll"
+ "\Microsoft\Windows\MUI\LPRemove" "MUI Language pack cleanup" "Microsoft Corporation" "c:\windows\system32\lpremove.exe"
+ "\Microsoft\Windows\Multimedia\SystemSoundsService" "PlaySound Service" "Microsoft Corporation" "c:\windows\system32\playsndsrv.dll"
+ "\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI" "Quarantine Agent Proxy" "Microsoft Corporation" "c:\windows\system32\qagent.dll"
+ "\Microsoft\Windows\PLA\System\ConvertLogEntries" "Performance Logs & Alerts" "Microsoft Corporation" "c:\windows\system32\pla.dll"
+ "\Microsoft\Windows\RAC\RACAgent" "Reliability analysis metrics calculation executable" "Microsoft Corporation" "c:\windows\system32\racagent.exe"
+ "\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" "Windows Remote Assistance COM Server" "Microsoft Corporation" "c:\windows\system32\raserver.exe"
+ "\Microsoft\Windows\Shell\CrawlStartPages" "Indexing Options" "Microsoft Corporation" "c:\windows\system32\srchadmin.dll"
+ "\Microsoft\Windows\SystemRestore\SR" "Microsoft® Windows System Protection Configuration Library" "Microsoft Corporation" "c:\windows\system32\srrstr.dll"
+ "\Microsoft\Windows\Tcpip\IpAddressConflict1" "Network Diagnostic Framework Client API" "Microsoft Corporation" "c:\windows\system32\ndfapi.dll"
+ "\Microsoft\Windows\Tcpip\IpAddressConflict2" "Network Diagnostic Framework Client API" "Microsoft Corporation" "c:\windows\system32\ndfapi.dll"
+ "\Microsoft\Windows\Tcpip\WSHReset" "Network Command Shell" "Microsoft Corporation" "c:\windows\system32\netsh.exe"
+ "\Microsoft\Windows\Tcpip\WSHReset" "Manages scheduled tasks" "Microsoft Corporation" "c:\windows\system32\schtasks.exe"
+ "\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" "MsCtfMonitor DLL" "Microsoft Corporation" "c:\windows\system32\msctfmonitor.dll"
+ "\Microsoft\Windows\UPnP\UPnPHostConfig" "A tool to aid in developing services for WindowsNT" "Microsoft Corporation" "c:\windows\system32\sc.exe"
+ "\Microsoft\Windows\WDI\ResolutionHost" "Windows Diagnostic Infrastructure" "Microsoft Corporation" "c:\windows\system32\wdi.dll"
+ "\Microsoft\Windows\Windows Error Reporting\QueueReporting" "Windows Problem Reporting" "Microsoft Corporation" "c:\windows\system32\wermgr.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AeLookupSvc" "Processes application compatibility cache requests for applications as they are launched" "Microsoft Corporation" "c:\windows\system32\aelupsvc.dll"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\aestsrv.exe"
+ "ALG" "Provides support for 3rd party protocol plug-ins for Internet Connection Sharing" "Microsoft Corporation" "c:\windows\system32\alg.exe"
+ "Appinfo" "Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks." "Microsoft Corporation" "c:\windows\system32\appinfo.dll"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
+ "atisvc_dsdshfs" "" "" "c:\windows\system32\kfcxufx\atisvc_dsdshfs.exe"
+ "AudioEndpointBuilder" "Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start" "Microsoft Corporation" "c:\windows\system32\audiosrv.dll"
+ "Audiosrv" "Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start" "Microsoft Corporation" "c:\windows\system32\audiosrv.dll"
+ "BFE" "The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications." "Microsoft Corporation" "c:\windows\system32\bfe.dll"
+ "BITS" "Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information." "Microsoft Corporation" "c:\windows\system32\qmgr.dll"
+ "Bonjour Service" "Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser" "Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\browser.dll"
+ "CertPropSvc" "Propagates certificates from smart cards." "Microsoft Corporation" "c:\windows\system32\certprop.dll"
+ "clr_optimization_v2.0.50727_32" "Microsoft .NET Framework NGEN" "Microsoft Corporation" "c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe"
+ "COMSysApp" "Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dllhost.exe"
+ "CryptSvc" "Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\cryptsvc.dll"
+ "DcomLaunch" "Provides launch functionality for DCOM services." "Microsoft Corporation" "c:\windows\system32\rpcss.dll"
+ "DFSR" "Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication." "Microsoft Corporation" "c:\windows\system32\dfsr.exe"
+ "Dhcp" "Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dhcpcsvc.dll"
+ "Dnscache" "The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dnsrslvr.dll"
+ "dot3svc" "This service performs IEEE 802.1X authentication on Ethernet interfaces" "Microsoft Corporation" "c:\windows\system32\dot3svc.dll"
+ "DPS" "The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\dps.dll"
+ "EapHost" "The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication." "Microsoft Corporation" "c:\windows\system32\eapsvc.dll"
+ "EMDMgmt" "Provides support for improving system performance using ReadyBoost." "Microsoft Corporation" "c:\windows\system32\emdmgmt.dll"
+ "Eventlog" "This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system." "Microsoft Corporation" "c:\windows\system32\wevtsvc.dll"
+ "EventSystem" "Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\es.dll"
+ "fdPHost" "Host process for Function Discovery providers." "Microsoft Corporation" "c:\windows\system32\fdphost.dll"
+ "FDResPub" "Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network." "Microsoft Corporation" "c:\windows\system32\fdrespub.dll"
+ "FontCache" "Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance." "Microsoft Corporation" "c:\windows\system32\fntcache.dll"
+ "FontCache3.0.0.0" "Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications." "Microsoft Corporation" "c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe"
+ "gpsvc" "The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled." "Microsoft Corporation" "c:\windows\system32\gpsvc.dll"
+ "hidserv" "Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\hidserv.dll"
+ "hkmsvc" "Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service" "Microsoft Corporation" "c:\windows\system32\kmsvc.dll"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "idsvc" "Securely enables the creation, management, and disclosure of digital identities." "Microsoft Corporation" "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe"
+ "IKEEXT" "The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running." "Microsoft Corporation" "c:\windows\system32\ikeext.dll"
+ "IPBusEnum" "The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning." "Microsoft Corporation" "c:\windows\system32\ipbusenum.dll"
+ "iphlpsvc" "Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network." "Microsoft Corporation" "c:\windows\system32\iphlpsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "KeyIso" "The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "KtmRm" "Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM)." "Microsoft Corporation" "c:\windows\system32\msdtckrm.dll"
+ "LanmanServer" "Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\srvsvc.dll"
+ "LanmanWorkstation" "Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wkssvc.dll"
+ "lltdsvc" "Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly." "Microsoft Corporation" "c:\windows\system32\lltdsvc.dll"
+ "lmhosts" "Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\lmhsvc.dll"
+ "McAfee SiteAdvisor Service" "Provides low-level support for McAfee SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcsacore.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\mcafee\msc\mcmscsvc.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mna\mcnasvc.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcproxy\mcproxy.exe"
+ "McShield" "Scans files for viruses and other threats when they are accessed by this computer." "McAfee, Inc." "c:\program files\mcafee\virusscan\mcshield.exe"
+ "McSysmon" "Monitors potentially unauthorized changes to this computer." "McAfee, Inc." "c:\program files\mcafee\virusscan\mcsysmon.exe"
+ "MMCSS" "Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority." "Microsoft Corporation" "c:\windows\system32\mmcss.dll"
+ "MpfService" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\mcafee\mpf\mpfsrv.exe"
+ "MpsSvc" "Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network." "Microsoft Corporation" "c:\windows\system32\mpssvc.dll"
+ "MSDTC" "Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. " "Microsoft Corporation" "c:\windows\system32\msdtc.exe"
+ "MSiSCSI" "Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\iscsiexe.dll"
+ "msiserver" "Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\msiexec.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files\mcafee\msk\msksrver.exe"
+ "napagent" "Enables Network Access Protection (NAP) functionality on client computers" "Microsoft Corporation" "c:\windows\system32\qagentrt.dll"
+ "Netlogon" "Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "Netman" "Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections." "Microsoft Corporation" "c:\windows\system32\netman.dll"
+ "netprofm" "Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change." "Microsoft Corporation" "c:\windows\system32\netprofm.dll"
+ "NlaSvc" "Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\nlasvc.dll"
+ "nsi" "This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start." "Microsoft Corporation" "c:\windows\system32\nsisvc.dll"
+ "p2pimsvc" "Provides Identity service for Peer Networking" "Microsoft Corporation" "c:\windows\system32\p2psvc.dll"
+ "p2psvc" "Provides Peer Networking Grouping services" "Microsoft Corporation" "c:\windows\system32\p2psvc.dll"
+ "PcaSvc" "Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\pcasvc.dll"
+ "pla" "Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\pla.dll"
+ "PlugPlay" "Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." "Microsoft Corporation" "c:\windows\system32\umpnpmgr.dll"
+ "PNRPAutoReg" "This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' " "Microsoft Corporation" "c:\windows\system32\p2psvc.dll"
+ "PNRPsvc" "Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function" "Microsoft Corporation" "c:\windows\system32\p2psvc.dll"
+ "PolicyAgent" "Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped." "Microsoft Corporation" "c:\windows\system32\ipsecsvc.dll"
+ "ProfSvc" "This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them." "Microsoft Corporation" "c:\windows\system32\profsvc.dll"
+ "ProtectedStorage" "Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "QWAVE" "Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization." "Microsoft Corporation" "c:\windows\system32\qwave.dll"
+ "RasAuto" "Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address." "Microsoft Corporation" "c:\windows\system32\rasauto.dll"
+ "RasMan" "Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\rasmans.dll"
+ "RemoteRegistry" "Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\regsvc.dll"
+ "RpcLocator" "Manages the RPC name service database." "Microsoft Corporation" "c:\windows\system32\locator.exe"
+ "RpcSs" "Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly." "Microsoft Corporation" "c:\windows\system32\rpcss.dll"
+ "SamSs" "The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled." "Microsoft Corporation" "c:\windows\system32\lsass.exe"
+ "SCardSvr" "Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\scardsvr.dll"
+ "Schedule" "Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\schedsvc.dll"
+ "SCPolicySvc" "Allows the system to be configured to lock the user desktop upon smart card removal." "Microsoft Corporation" "c:\windows\system32\certprop.dll"
+ "SDRSVC" "Provides Windows Backup and Restore capabilities." "Microsoft Corporation" "c:\windows\system32\sdrsvc.dll"
+ "seclogon" "Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\seclogon.dll"
+ "SENS" "Monitors system events and notifies subscribers to COM+ Event System of these events." "Microsoft Corporation" "c:\windows\system32\sens.dll"
+ "SessionEnv" "Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates." "Microsoft Corporation" "c:\windows\system32\sessenv.dll"
+ "ShellHWDetection" "Provides notifications for AutoPlay hardware events." "Microsoft Corporation" "c:\windows\system32\shsvcs.dll"
+ "slsvc" "Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode." "Microsoft Corporation" "c:\windows\system32\slsvc.exe"
+ "SLUINotify" "Provides Software Licensing activation and notification" "Microsoft Corporation" "c:\windows\system32\sluinotify.dll"
+ "SNMPTRAP" "Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\snmptrap.exe"
+ "Spooler" "Loads files to memory for later printing" "Microsoft Corporation" "c:\windows\system32\spoolsv.exe"
+ "SSDPSRV" "Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\ssdpsrv.dll"
+ "SstpSvc" "Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers." "Microsoft Corporation" "c:\windows\system32\sstpsvc.dll"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\stacsv.exe"
+ "stisvc" "Provides image acquisition services for scanners and cameras" "Microsoft Corporation" "c:\windows\system32\wiaservc.dll"
+ "swprv" "Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\swprv.dll"
+ "SysMain" "Maintains and improves system performance over time." "Microsoft Corporation" "c:\windows\system32\sysmain.dll"
+ "TabletInputService" "Enables Tablet PC pen and ink functionality" "Microsoft Corporation" "c:\windows\system32\tabsvc.dll"
+ "TapiSrv" "Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." "Microsoft Corporation" "c:\windows\system32\tapisrv.dll"
+ "TBS" "Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM." "Microsoft Corporation" "c:\windows\system32\tbssvc.dll"
+ "TermService" "Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item." "Microsoft Corporation" "c:\windows\system32\termsrv.dll"
+ "Themes" "Provides user experience theme management." "Microsoft Corporation" "c:\windows\system32\shsvcs.dll"
+ "THREADORDER" "Provides ordered execution for a group of threads within a specific period of time." "Microsoft Corporation" "c:\windows\system32\mmcss.dll"
+ "TrkWks" "Maintains links between NTFS files within a computer or across computers in a network." "Microsoft Corporation" "c:\windows\system32\trkwks.dll"
+ "TrustedInstaller" "Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer." "Microsoft Corporation" "c:\windows\servicing\trustedinstaller.exe"
+ "UI0Detect" "Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function." "Microsoft Corporation" "c:\windows\system32\ui0detect.exe"
+ "upnphost" "Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\upnphost.dll"
+ "UxSms" "Provides Desktop Window Manager startup and maintenance services" "Microsoft Corporation" "c:\windows\system32\uxsms.dll"
+ "vds" "Provides management services for disks, volumes, file systems, and storage arrays." "Microsoft Corporation" "c:\windows\system32\vds.exe"
+ "VSS" "Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\vssvc.exe"
+ "W32Time" "Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\w32time.dll"
+ "wcncsvc" "Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly." "Microsoft Corporation" "c:\windows\system32\wcncsvc.dll"
+ "WcsPlugInService" "The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering." "Microsoft Corporation" "c:\windows\system32\wcspluginservice.dll"
+ "WdiServiceHost" "The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wdi.dll"
+ "WdiSystemHost" "The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wdi.dll"
+ "WebClient" "Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\webclnt.dll"
+ "Wecsvc" "This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted." "Microsoft Corporation" "c:\windows\system32\wecsvc.dll"
+ "wercplsupport" "This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel." "Microsoft Corporation" "c:\windows\system32\wercplsupport.dll"
+ "WerSvc" "Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed." "Microsoft Corporation" "c:\windows\system32\wersvc.dll"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WinHttpAutoProxySvc" "WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol." "Microsoft Corporation" "c:\windows\system32\winhttp.dll"
+ "Winmgmt" "Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\wbem\wmisvc.dll"
+ "WinRM" "Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix." "Microsoft Corporation" "c:\windows\system32\wsmsvc.dll"
+ "Wlansvc" "This service enumerates WLAN adapters, manages WLAN connections and profiles." "Microsoft Corporation" "c:\windows\system32\wlansvc.dll"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "wmiApSrv" "Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated." "Microsoft Corporation" "c:\windows\system32\wbem\wmiapsrv.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WPCSvc" "This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work." "Microsoft Corporation" "c:\windows\system32\wpcsvc.dll"
+ "WPDBusEnum" "Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices." "Microsoft Corporation" "c:\windows\system32\wpdbusenum.dll"
+ "wscsvc" "Monitors system security settings and configurations." "Microsoft Corporation" "c:\windows\system32\wscsvc.dll"
+ "WSearch" "Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search." "Microsoft Corporation" "c:\windows\system32\searchindexer.exe"
+ "wuauserv" "Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API." "Microsoft Corporation" "c:\windows\system32\wuaueng.dll"
+ "wudfsvc" "Manages user-mode driver host processes" "Microsoft Corporation" "c:\windows\system32\wudfsvc.dll"
+ "yksvc" "Service for Marvell® Yukon® Network Adapters" "Marvell" "c:\windows\system32\ykx32coinst.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACPI" "ACPI Driver for NT" "Microsoft Corporation" "c:\windows\system32\drivers\acpi.sys"
+ "AFD" "Ancilliary Function Driver for Winsock" "Microsoft Corporation" "c:\windows\system32\drivers\afd.sys"
+ "agp440" "440 NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\agp440.sys"
+ "amdagp" "AMD NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\amdagp.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "AsyncMac" "RAS Asynchronous Media Driver" "Microsoft Corporation" "c:\windows\system32\drivers\asyncmac.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "Beep" "BEEP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\beep.sys"
+ "bowser" "Implements the datagram receiver for the computer browser browser service." "Microsoft Corporation" "c:\windows\system32\drivers\bowser.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cdrom" "SCSI CD-ROM Driver" "Microsoft Corporation" "c:\windows\system32\drivers\cdrom.sys"
+ "CLFS" "Common Log (CLFS)" "Microsoft Corporation" "c:\windows\system32\clfs.sys"
+ "CmBatt" "Control Method Battery Driver" "Microsoft Corporation" "c:\windows\system32\drivers\cmbatt.sys"
+ "Compbatt" "Composite Battery Driver" "Microsoft Corporation" "c:\windows\system32\drivers\compbatt.sys"
+ "crcdisk" "Disk Block Verification Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\crcdisk.sys"
+ "DfsC" "Client driver for access to DFS Namespaces" "Microsoft Corporation" "c:\windows\system32\drivers\dfsc.sys"
+ "disk" "PnP Disk Driver" "Microsoft Corporation" "c:\windows\system32\drivers\disk.sys"
+ "drmkaud" "Microsoft Kernel DRM Audio Descrambler Filter" "Microsoft Corporation" "c:\windows\system32\drivers\drmkaud.sys"
+ "DXGKrnl" "Controls the underlying video driver stacks to provide fully-featured display capabilities." "Microsoft Corporation" "c:\windows\system32\drivers\dxgkrnl.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "Ecache" "ReadyBoost Caching Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ecache.sys"
+ "exfat" "exFAT File System Driver" "Microsoft Corporation" "c:\windows\system32\drivers\exfat.sys"
+ "fastfat" "Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)" "Microsoft Corporation" "c:\windows\system32\drivers\fastfat.sys"
+ "FileInfo" "Collects information about files in memory to be consumed by other system services." "Microsoft Corporation" "c:\windows\system32\drivers\fileinfo.sys"
+ "Filetrace" "ETW File Trace Filter" "Microsoft Corporation" "c:\windows\system32\drivers\filetrace.sys"
+ "FltMgr" "File System Filter Manager Driver" "Microsoft Corporation" "c:\windows\system32\drivers\fltmgr.sys"
+ "gagp30kx" "MS Generic AGPv3.0 Filter for K8/9 Processor Platforms" "Microsoft Corporation" "c:\windows\system32\drivers\gagp30kx.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver" "Microsoft Corporation" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HTTP" "This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start." "Microsoft Corporation" "c:\windows\system32\drivers\http.sys"
+ "i8042prt" "i8042 Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\i8042prt.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "intelppm" "Processor Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\intelppm.sys"
+ "IpFilterDriver" "IP Traffic Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ipfltdrv.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "IPNAT" "IP Network Address Translator" "Microsoft Corporation" "c:\windows\system32\drivers\ipnat.sys"
+ "IRENUM" "IR Bus Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\irenum.sys"
+ "iScsiPrt" "Microsoft iSCSI Initiator Driver" "Microsoft Corporation" "c:\windows\system32\drivers\msiscsi.sys"
+ "kbdclass" "Keyboard Class Driver" "Microsoft Corporation" "c:\windows\system32\drivers\kbdclass.sys"
+ "KSecDD" "Kernel Security Support Provider Interface" "Microsoft Corporation" "c:\windows\system32\drivers\ksecdd.sys"
+ "lltdio" "Link-Layer Topology Mapper I/O Driver" "Microsoft Corporation" "c:\windows\system32\drivers\lltdio.sys"
+ "luafv" "Virtualizes file write failures to per-user locations." "Microsoft Corporation" "c:\windows\system32\drivers\luafv.sys"
+ "McPvDrv" "McAfee Anti-Theft Driver" "McAfee" "c:\windows\system32\drivers\mcpvdrv.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdk" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdk.sys"
+ "mfesmfk" "System Monitor Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfesmfk.sys"
+ "Modem" "Modem Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\modem.sys"
+ "monitor" "Monitor Driver" "Microsoft Corporation" "c:\windows\system32\drivers\monitor.sys"
+ "mouclass" "Mouse Class Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mouclass.sys"
+ "MountMgr" "Driver responsible with maintaining persistent drive letters and names for volumes" "Microsoft Corporation" "c:\windows\system32\drivers\mountmgr.sys"
+ "MPFP" "McAfee Personal Firewall Plus Driver" "McAfee, Inc." "c:\windows\system32\drivers\mpfp.sys"
+ "mpsdrv" "Windows Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic." "Microsoft Corporation" "c:\windows\system32\drivers\mpsdrv.sys"
+ "MRxDAV" "WebDav Client Redirector Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mrxdav.sys"
+ "mrxsmb" "Implements the framework for the SMB filesystem redirector" "Microsoft Corporation" "c:\windows\system32\drivers\mrxsmb.sys"
+ "mrxsmb10" "Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers" "Microsoft Corporation" "c:\windows\system32\drivers\mrxsmb10.sys"
+ "mrxsmb20" "Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers" "Microsoft Corporation" "c:\windows\system32\drivers\mrxsmb20.sys"
+ "Msfs" "Mailslot driver" "Microsoft Corporation" "c:\windows\system32\drivers\msfs.sys"
+ "msisadrv" "ISA Driver" "Microsoft Corporation" "c:\windows\system32\drivers\msisadrv.sys"
+ "MSKSSRV" "MS KS Server" "Microsoft Corporation" "c:\windows\system32\drivers\mskssrv.sys"
+ "MSPCLOCK" "MS Proxy Clock" "Microsoft Corporation" "c:\windows\system32\drivers\mspclock.sys"
+ "MSPQM" "MS Proxy Quality Manager" "Microsoft Corporation" "c:\windows\system32\drivers\mspqm.sys"
+ "MsRPC" "Kernel Remote Procedure Call Provider" "Microsoft Corporation" "c:\windows\system32\drivers\msrpc.sys"
+ "mssmbios" "System Management BIOS Driver" "Microsoft Corporation" "c:\windows\system32\drivers\mssmbios.sys"
+ "MSTEE" "WDM Tee/Communication Transform Filter " "Microsoft Corporation" "c:\windows\system32\drivers\mstee.sys"
+ "Mup" "Multiple UNC Provider" "Microsoft Corporation" "c:\windows\system32\drivers\mup.sys"
+ "NativeWifiP" "NativeWiFi Miniport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\nwifi.sys"
+ "NDIS" "NDIS System Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndis.sys"
+ "NdisTapi" "Remote Access NDIS TAPI Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndistapi.sys"
+ "Ndisuio" "NDIS User mode I/O driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndisuio.sys"
+ "NdisWan" "Remote Access NDIS WAN Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ndiswan.sys"
+ "NDProxy" "NDIS Proxy" "Microsoft Corporation" "c:\windows\system32\drivers\ndproxy.sys"
+ "NetBIOS" "NetBIOS Interface" "Microsoft Corporation" "c:\windows\system32\drivers\netbios.sys"
+ "netbt" "This service implements NetBios over TCP/IP." "Microsoft Corporation" "c:\windows\system32\drivers\netbt.sys"
+ "Npfs" "NPFS Driver" "Microsoft Corporation" "c:\windows\system32\drivers\npfs.sys"
+ "nsiproxy" "NSI proxy service" "Microsoft Corporation" "c:\windows\system32\drivers\nsiproxy.sys"
+ "Ntfs" "NT File System Driver" "Microsoft Corporation" "c:\windows\system32\drivers\ntfs.sys"
+ "Null" "NULL Driver" "Microsoft Corporation" "c:\windows\system32\drivers\null.sys"
+ "nv_agp" "NForce NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\nv_agp.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "Parport" "Parallel Port Driver" "Microsoft Corporation" "c:\windows\system32\drivers\parport.sys"
+ "partmgr" "Disk class filter driver that auctions out partitions to volume managers" "Microsoft Corporation" "c:\windows\system32\drivers\partmgr.sys"
+ "Parvdm" "VDM Parallel Driver" "Microsoft Corporation" "c:\windows\system32\drivers\parvdm.sys"
+ "pci" "NT Plug and Play PCI Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\pci.sys"
+ "PEAUTH" "Protected Environment Authentication and Authorization Export Driver" "Microsoft Corporation" "c:\windows\system32\drivers\peauth.sys"
+ "PptpMiniport" "WAN Miniport (PPTP)" "Microsoft Corporation" "c:\windows\system32\drivers\raspptp.sys"
+ "PSched" "QoS Packet Scheduler" "Microsoft Corporation" "c:\windows\system32\drivers\pacer.sys"
+ "QWAVEdrv" "Quality Windows Audio/Video Experience component driver" "Microsoft Corporation" "c:\windows\system32\drivers\qwavedrv.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "RasAcd" "Remote Access Auto Connection Driver" "Microsoft Corporation" "c:\windows\system32\drivers\rasacd.sys"
+ "Rasl2tp" "WAN Miniport (L2TP)" "Microsoft Corporation" "c:\windows\system32\drivers\rasl2tp.sys"
+ "RasPppoe" "Remote Access PPPOE Driver" "Microsoft Corporation" "c:\windows\system32\drivers\raspppoe.sys"
+ "RasSstp" "WAN Miniport (SSTP)" "Microsoft Corporation" "c:\windows\system32\drivers\rassstp.sys"
+ "rdbss" "Provides the framework for network mini-redirectors" "Microsoft Corporation" "c:\windows\system32\drivers\rdbss.sys"
+ "RDPCDD" "RDPDD Chained DD" "Microsoft Corporation" "c:\windows\system32\drivers\rdpcdd.sys"
+ "RDPENCDD" "RDP Encoder Mirror Driver" "Microsoft Corporation" "c:\windows\system32\drivers\rdpencdd.sys"
+ "RDPWD" "RDP Terminal Stack Driver" "Microsoft Corporation" "c:\windows\system32\drivers\rdpwd.sys"
+ "rspndr" "Link-Layer Topology Responder Driver for NDIS 6" "Microsoft Corporation" "c:\windows\system32\drivers\rspndr.sys"
+ "RTSTOR" "Realtek USB Mass Storage Driver for Vista" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtstor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serenum" "Serial Port Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\serenum.sys"
+ "Serial" "Serial Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\serial.sys"
+ "sffp_mmc" "Small Form Factor MMC Protocol Driver" "Microsoft Corporation" "c:\windows\system32\drivers\sffp_mmc.sys"
+ "sffp_sd" "Small Form Factor SD Protocol Driver" "Microsoft Corporation" "c:\windows\system32\drivers\sffp_sd.sys"
+ "sisagp" "SIS NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\sisagp.sys"
+ "Smb" "Microsoft NetbiosSmb Device Driver" "Microsoft Corporation" "c:\windows\system32\drivers\smb.sys"
+ "spldr" "loader for security processor" "Microsoft Corporation" "c:\windows\system32\drivers\spldr.sys"
+ "srv" "Server driver" "Microsoft Corporation" "c:\windows\system32\drivers\srv.sys"
+ "srv2" "Default SDDL for Windows Resource Protected file" "Microsoft Corporation" "c:\windows\system32\drivers\srv2.sys"
+ "srvnet" "Server Network driver" "Microsoft Corporation" "c:\windows\system32\drivers\srvnet.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "swenum" "Plug and Play Software Device Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\swenum.sys"
+ "Tcpip" "TCP/IP Protocol Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tcpip.sys"
+ "Tcpip6" "Microsoft IPv6 Protocol Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tcpip.sys"
+ "tcpipreg" "Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality." "Microsoft Corporation" "c:\windows\system32\drivers\tcpipreg.sys"
+ "TDPIPE" "Named Pipe Transport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tdpipe.sys"
+ "TDTCP" "TCP Transport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tdtcp.sys"
+ "tdx" "NetIO Legacy TDI Support Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tdx.sys"
+ "TermDD" "Terminal Server Driver" "Microsoft Corporation" "c:\windows\system32\drivers\termdd.sys"
+ "tssecsrv" "Terminal Services Security Filter Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tssecsrv.sys"
+ "tunmp" "Microsoft Tunnel Interface Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tunmp.sys"
+ "tunnel" "Microsoft Tunnel Interface Driver" "Microsoft Corporation" "c:\windows\system32\drivers\tunnel.sys"
+ "uagp35" "MS AGPv3.5 Filter" "Microsoft Corporation" "c:\windows\system32\drivers\uagp35.sys"
+ "uliagpkx" "ULi AGPv3.0 Filter for K8/9 Processor Platforms" "Microsoft Corporation" "c:\windows\system32\drivers\uliagpkx.sys"
+ "umbus" "User-Mode Bus Enumerator" "Microsoft Corporation" "c:\windows\system32\drivers\umbus.sys"
+ "usbehci" "EHCI eUSB Miniport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbehci.sys"
+ "usbhub" "Default Hub Driver for USB" "Microsoft Corporation" "c:\windows\system32\drivers\usbhub.sys"
+ "usbuhci" "UHCI USB Miniport Driver" "Microsoft Corporation" "c:\windows\system32\drivers\usbuhci.sys"
+ "vga" "VGA/Super VGA Video Driver" "Microsoft Corporation" "c:\windows\system32\drivers\vgapnp.sys"
+ "VgaSave" "VGA/Super VGA Video Driver" "Microsoft Corporation" "c:\windows\system32\drivers\vga.sys"
+ "viaagp" "VIA NT AGP Filter" "Microsoft Corporation" "c:\windows\system32\drivers\viaagp.sys"
+ "volmgr" "Volume Manager Driver" "Microsoft Corporation" "c:\windows\system32\drivers\volmgr.sys"
+ "volmgrx" "Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks" "Microsoft Corporation" "c:\windows\system32\drivers\volmgrx.sys"
+ "volsnap" "Volume Shadow Copy Driver" "Microsoft Corporation" "c:\windows\system32\drivers\volsnap.sys"
+ "Wanarp" "Remote Access IP ARP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\wanarp.sys"
+ "Wanarpv6" "Remote Access IPv6 ARP Driver" "Microsoft Corporation" "c:\windows\system32\drivers\wanarp.sys"
+ "Wdf01000" "WDF Dynamic" "Microsoft Corporation" "c:\windows\system32\drivers\wdf01000.sys"
+ "WmiAcpi" "Windows Management Interface for ACPI" "Microsoft Corporation" "c:\windows\system32\drivers\wmiacpi.sys"
+ "WUDFRd" "Windows Driver Foundation - User-mode Driver Framework Reflector" "Microsoft Corporation" "c:\windows\system32\drivers\wudfrd.sys"
+ "yukonwlh" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "midi" "Winmm audio system driver" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "midimapper" "Microsoft MIDI Mapper" "Microsoft Corporation" "c:\windows\system32\midimap.dll"
+ "mixer" "Winmm audio system driver" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "msacm.imaadpcm" "IMA ADPCM CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\imaadp32.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.msadpcm" "Microsoft ADPCM CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msadp32.acm"
+ "msacm.msg711" "Microsoft CCITT G.711 (A-Law and u-Law) CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msg711.acm"
+ "msacm.msgsm610" "Microsoft GSM 6.10 Audio CODEC for MSACM" "Microsoft Corporation" "c:\windows\system32\msgsm32.acm"
+ "msacm.siren" "Messenger Audio Codec" "Microsoft Corporation" "c:\windows\system32\sirenacm.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.i420" "Intel Indeo® Video YUV Codec" "Microsoft Corporation" "c:\windows\system32\iyuv_32.dll"
+ "vidc.iyuv" "Intel Indeo® Video YUV Codec" "Microsoft Corporation" "c:\windows\system32\iyuv_32.dll"
+ "vidc.mrle" "Microsoft RLE Compressor" "Microsoft Corporation" "c:\windows\system32\msrle32.dll"
+ "vidc.msvc" "Microsoft Video 1 Compressor" "Microsoft Corporation" "c:\windows\system32\msvidc32.dll"
+ "vidc.uyvy" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "vidc.yuy2" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "vidc.yvu9" "Toshiba Video Codec" "Microsoft Corporation" "c:\windows\system32\tsbyuv.dll"
+ "vidc.yvyu" "Microsoft UYVY Video Decompressor" "Microsoft Corporation" "c:\windows\system32\msyuv.dll"
+ "wave" "Winmm audio system driver" "Microsoft Corporation" "c:\windows\system32\wdmaud.drv"
+ "wavemapper" "Microsoft Sound Mapper" "Microsoft Corporation" "c:\windows\system32\msacm32.drv"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Parser Filter" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "ACM Wrapper" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AVI Decompressor" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI Draw Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI mux" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "AVI Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "AVI/WAV File Source" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "BDA MPEG2 Transport Information Filter" "Microsoft Transport Information Filter for MPEG2 based networks." "Microsoft Corporation" "c:\windows\system32\psisrndr.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Color Space Converter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Default Video Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "DV Muxer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DV Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DV Video Decoder" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qdv.dll"
+ "DVD Navigator" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Enhanced Video Renderer" "Enhanced Video Renderer DLL" "Microsoft Corporation" "c:\windows\system32\evr.dll"
+ "File Source (Async.)" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File Source (URL)" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File stream renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "File Writer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Full Screen Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Infinite Pin Tee Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "Internal Text Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Line 21 Decoder" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Line 21 Decoder 2" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MIDI Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MJPEG Decompressor" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG Audio Codec" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG Video Codec" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "MPEG-2 Demultiplexer" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "MPEG-2 Sections and Tables" "Microsoft MPEG-2 Section and Table Acquisition Module" "Microsoft Corporation" "c:\windows\system32\mpeg2data.ax"
+ "MPEG-2 Splitter" "DirectShow MPEG-2 Splitter." "Microsoft Corporation" "c:\windows\system32\mpg2splt.ax"
+ "Mpeg-2 Video Stream Analysis" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "MPEG-I Stream Splitter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Multi-file Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Null Renderer" "DirectShow Editing." "Microsoft Corporation" "c:\windows\system32\qedit.dll"
+ "Overlay Mixer" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Overlay Mixer2" "DirectShow DVD PlayBack Runtime." "Microsoft Corporation" "c:\windows\system32\qdvd.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SAMI (CC) Reader" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Sample Grabber" "DirectShow Editing." "Microsoft Corporation" "c:\windows\system32\qedit.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Smart Tee Filter" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\qcap.dll"
+ "SoundRecorder Null Renderer" "Windows Sound Recorder" "Microsoft Corporation" "c:\windows\system32\wavdest.dll"
+ "SoundRecorder Volume Watch" "Windows Sound Recorder" "Microsoft Corporation" "c:\windows\system32\wavdest.dll"
+ "SoundRecorder WAV Dest" "Windows Sound Recorder" "Microsoft Corporation" "c:\windows\system32\wavdest.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "StreamBufferSink" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "StreamBufferSource" "DirectShow Stream Buffer Filter." "Microsoft Corporation" "c:\windows\system32\sbe.dll"
+ "VBI Codec" "Microsoft VBI Codec" "Microsoft Corporation" "c:\windows\system32\vbicodec.ax"
+ "VBI Surface Allocator" "VBI Surface Allocator Filter" "Microsoft Corporation" "c:\windows\system32\vbisurf.ax"
+ "VGA 16 color ditherer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Mixing Renderer 9" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Port Manager" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Video Renderer" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "Wave Parser" "DirectShow Runtime." "Microsoft Corporation" "c:\windows\system32\quartz.dll"
+ "WM ASF Reader" "DirectShow ASF Support" "Microsoft Corporation" "c:\windows\system32\qasf.dll"
+ "WM ASF Writer" "DirectShow ASF Support" "Microsoft Corporation" "c:\windows\system32\qasf.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter" "WMPSrcWp Module" "Microsoft Corporation" "c:\windows\system32\wmpsrcwp.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WST Pager" "Microsoft Teletext Server" "Microsoft Corporation" "c:\windows\system32\wstpager.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "autocheck autochk *" "Auto Check Utility" "Microsoft Corporation" "c:\windows\system32\autochk.exe"
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" ""
+ "advapi32" "Advanced Windows 32 Base API" "Microsoft Corporation" "c:\windows\system32\advapi32.dll"
+ "clbcatq" "COM+ Configuration Catalog" "Microsoft Corporation" "c:\windows\system32\clbcatq.dll"
+ "COMDLG32" "Common Dialogs DLL" "Microsoft Corporation" "c:\windows\system32\comdlg32.dll"
+ "gdi32" "GDI Client DLL" "Microsoft Corporation" "c:\windows\system32\gdi32.dll"
+ "IERTUTIL" "Run time utility for Internet Explorer" "Microsoft Corporation" "c:\windows\system32\iertutil.dll"
+ "IMAGEHLP" "Windows NT Image Helper" "Microsoft Corporation" "c:\windows\system32\imagehlp.dll"
+ "IMM32" "Multi-User Windows IMM32 API Client DLL" "Microsoft Corporation" "c:\windows\system32\imm32.dll"
+ "kernel32" "Windows NT BASE API Client DLL" "Microsoft Corporation" "c:\windows\system32\kernel32.dll"
+ "LPK" "Language Pack" "Microsoft Corporation" "c:\windows\system32\lpk.dll"
+ "MSCTF" "MSCTF Server DLL" "Microsoft Corporation" "c:\windows\system32\msctf.dll"
+ "MSVCRT" "Windows NT CRT DLL" "Microsoft Corporation" "c:\windows\system32\msvcrt.dll"
+ "NORMALIZ" "Unicode Normalization DLL" "Microsoft Corporation" "c:\windows\system32\normaliz.dll"
+ "NSI" "NSI User-mode interface DLL" "Microsoft Corporation" "c:\windows\system32\nsi.dll"
+ "ole32" "Microsoft OLE for Windows" "Microsoft Corporation" "c:\windows\system32\ole32.dll"
+ "OLEAUT32" "" "Microsoft Corporation" "c:\windows\system32\oleaut32.dll"
+ "rpcrt4" "Remote Procedure Call Runtime" "Microsoft Corporation" "c:\windows\system32\rpcrt4.dll"
+ "Setupapi" "Windows Setup API" "Microsoft Corporation" "c:\windows\system32\setupapi.dll"
+ "SHELL32" "Windows Shell Common Dll" "Microsoft Corporation" "c:\windows\system32\shell32.dll"
+ "SHLWAPI" "Shell Light-weight Utility Library" "Microsoft Corporation" "c:\windows\system32\shlwapi.dll"
+ "URLMON" "OLE32 Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\urlmon.dll"
+ "user32" "Multi-User Windows USER API Client DLL" "Microsoft Corporation" "c:\windows\system32\user32.dll"
+ "USP10" "Uniscribe Unicode script processor" "Microsoft Corporation" "c:\windows\system32\usp10.dll"
+ "WININET" "Internet Extensions for Win32" "Microsoft Corporation" "c:\windows\system32\wininet.dll"
+ "WLDAP32" "Win32 LDAP API DLL" "Microsoft Corporation" "c:\windows\system32\wldap32.dll"
+ "WS2_32" "Windows Socket 2.0 32-Bit DLL" "Microsoft Corporation" "c:\windows\system32\ws2_32.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "GenericProvider" "Windows Authentication UI" "Microsoft Corporation" "c:\windows\system32\authui.dll"
+ "NPProvider" "Windows Authentication UI" "Microsoft Corporation" "c:\windows\system32\authui.dll"
+ "PasswordProvider" "Windows Authentication UI" "Microsoft Corporation" "c:\windows\system32\authui.dll"
+ "Smartcard Credential Provider" "Windows Smartcard Credential Provider" "Microsoft Corporation" "c:\windows\system32\smartcardcredentialprovider.dll"
+ "Smartcard Pin Provider" "Windows Smartcard Credential Provider" "Microsoft Corporation" "c:\windows\system32\smartcardcredentialprovider.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "GenericFilter" "Windows Authentication UI" "Microsoft Corporation" "c:\windows\system32\authui.dll"
+ "RemoteLogonFilter" "Windows Authentication UI" "Microsoft Corporation" "c:\windows\system32\authui.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" ""
+ "CRasProvider" "RAS PLAP Credential Provider" "Microsoft Corporation" "c:\windows\system32\rasplap.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\system32\logon.scr" "Logon Screen Saver" "Microsoft Corporation" "c:\windows\system32\logon.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C9F7DC5-4D6C-4AF4-84E0-35FC61523A89}] DATAGRAM 7" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C9F7DC5-4D6C-4AF4-84E0-35FC61523A89}] SEQPACKET 7" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6823F767-EF4C-4D67-8B97-B2DE893B0E75}] DATAGRAM 1" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6823F767-EF4C-4D67-8B97-B2DE893B0E75}] SEQPACKET 1" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{714FBD57-6756-4E9F-9662-2908E14304FD}] DATAGRAM 3" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{714FBD57-6756-4E9F-9662-2908E14304FD}] SEQPACKET 3" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A1BD9811-54BF-46F1-93BE-428CA3763737}] DATAGRAM 5" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A1BD9811-54BF-46F1-93BE-428CA3763737}] SEQPACKET 5" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBE8EB76-1F50-4115-88CF-C4E730677958}] DATAGRAM 0" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBE8EB76-1F50-4115-88CF-C4E730677958}] SEQPACKET 0" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip_{714FBD57-6756-4E9F-9662-2908E14304FD}] DATAGRAM 2" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip_{714FBD57-6756-4E9F-9662-2908E14304FD}] SEQPACKET 2" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1BD9811-54BF-46F1-93BE-428CA3763737}] DATAGRAM 4" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1BD9811-54BF-46F1-93BE-428CA3763737}] SEQPACKET 4" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [RAW/IP]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [RAW/IPv6]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [TCP/IP]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [TCP/IPv6]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [UDP/IP]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "MSAFD Tcpip [UDP/IPv6]" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "RSVP TCP Service Provider" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "RSVP TCPv6 Service Provider" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "RSVP UDP Service Provider" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
+ "RSVP UDPv6 Service Provider" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "E-mail Naming Shim Provider" "E-mail Naming Shim Provider" "Microsoft Corporation" "c:\windows\system32\napinsp.dll"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "Network Location Awareness Legacy (NLAv1) Namespace" "Network Location Awareness 2" "Microsoft Corporation" "c:\windows\system32\nlaapi.dll"
+ "NTDS" "LDAP RnR Provider DLL" "Microsoft Corporation" "c:\windows\system32\winrnr.dll"
+ "PNRP Cloud Namespace Provider" "PNRP Name Space Provider" "Microsoft Corporation" "c:\windows\system32\pnrpnsp.dll"
+ "PNRP Name Namespace Provider" "PNRP Name Space Provider" "Microsoft Corporation" "c:\windows\system32\pnrpnsp.dll"
+ "Tcpip" "Microsoft Windows Sockets 2.0 Service Provider" "Microsoft Corporation" "c:\windows\system32\mswsock.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Local Port" "Local Spooler DLL" "Microsoft Corporation" "c:\windows\system32\localspl.dll"
+ "Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Microsoft Corporation" "c:\windows\system32\tcpmon.dll"
+ "USB Monitor" "Standard Dynamic Printing Port Monitor DLL" "Microsoft Corporation" "c:\windows\system32\usbmon.dll"
+ "WSD Port" "WSD Printer Port Monitor" "Microsoft Corporation" "c:\windows\system32\wsdmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
+ "credssp.dll" "TS Single Sign On Security Package" "Microsoft Corporation" "c:\windows\system32\credssp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "msv1_0" "Microsoft Authentication Package v1.0" "Microsoft Corporation" "c:\windows\system32\msv1_0.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "scecli" "Windows Security Configuration Editor Client Engine" "Microsoft Corporation" "c:\windows\system32\scecli.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" ""
+ "kerberos" "Kerberos Security Package" "Microsoft Corporation" "c:\windows\system32\kerberos.dll"
+ "msv1_0" "Microsoft Authentication Package v1.0" "Microsoft Corporation" "c:\windows\system32\msv1_0.dll"
+ "schannel" "TLS / SSL Security Provider" "Microsoft Corporation" "c:\windows\system32\schannel.dll"
+ "tspkg" "Web Service Security Package" "Microsoft Corporation" "c:\windows\system32\tspkg.dll"
+ "wdigest" "Microsoft Digest Access" "Microsoft Corporation" "c:\windows\system32\wdigest.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
+ "LanmanWorkstation" "Microsoft Windows Network" "Microsoft Corporation" "c:\windows\system32\ntlanman.dll"
+ "RDPNP" "Microsoft Terminal Services" "Microsoft Corporation" "c:\windows\system32\drprov.dll"
+ "webclient" "Web Client Network" "Microsoft Corporation" "c:\windows\system32\davclnt.dll"
"C:\Users\ben\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

Edited by Madkool, 06 February 2010 - 11:02 PM.


#12 m0le

Posted 07 February 2010 - 05:47 AM

There doesn't look to be any sign of WebWatcher (running or otherwise) on your PC.

This machine looks clean. Has anything else strange happened since we started this topic?

#13 Madkool

Posted 07 February 2010 - 10:27 AM

> There doesn't look to be any sign of WebWatcher (running or otherwise) on your PC.
>
> This machine looks clean. Has anything else strange happened since we started this topic?


Same symptoms that I mentioned before, including msn not starting. (i.e., it pops up then disappears as if it's being blocked.) This is really frustrating ><;

Edited by Madkool, 07 February 2010 - 10:59 AM.


#14 m0le

Posted 07 February 2010 - 12:02 PM

Okay, there are some applications being blocked from running so let's try Combofix. There are a number of very difficult to spot rootkits and trojans around at the moment. Let's see if Combofix finds evidence of any of these.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(

#15 Madkool

Posted 07 February 2010 - 12:30 PM

I can combo fix, but now no programs will execute from my computer (typing from iPod)

Edit: I did a restart, and now the other programs will execute again; however, none of the problems were resolved from the scan. I also lost the log upon restart, should I try again? I also noticed, before my computer restarted, I got some kind of error prompt that said "CatchMe.cfx (not sure on the extension) failed to initialize."

Edited by Madkool, 07 February 2010 - 12:42 PM.




