Please help VIRUS see HijackThis - Need advice for Windows

  • bbgrh
  • Novice
  • Posts: 20

Please, I would appreciate any help/advice on what to do to clean up my slowing laptop, and need help removing whatever virus or malware or whatever is there, and if possible more info about how to avoid this.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:23 PM, on 7/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: gearsec - GEAR Software - C:\Windows\system32\gearsec.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7170 bytes
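
A first-pass triage of a HijackThis log like the one in the post above, as an added example that is not part of the thread and not HijackThis's own code. It parses the section-coded lines and lists the entries a reviewer would normally verify by hand; a flag means "check this", not "infected". The sample lines are copied from the log above, and the function names and flag wording are this example's own.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# Section-coded lines look like "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_log(text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reason(code, body):
    """Return why an entry deserves a manual look, or None if no rule applies."""
    if code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        if fields and fields[0] not in LOOPBACK:
            return "hosts file maps a name to a non-loopback address"
    if code in {"O2", "O3", "O9"} and body.rstrip().endswith("(no file)"):
        return "registry entry points at a file that no longer exists"
    if code == "O16" and "http://" in body.lower():
        return "ActiveX component was fetched over plain HTTP"
    if code == "O23" and " - Unknown owner - " in body:
        return "no company name recorded for the service binary; check path and signature"
    return None


def triage(entries):
    """Return (code, reason, body) for every entry matched by a review rule."""
    flagged = []
    for code, body in entries:
        reason = review_reason(code, body)
        if reason:
            flagged.append((code, reason, body))
    return flagged


def section_counts(entries):
    """Count entries per HijackThis section code."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}\n      {body}")
```

On the sample lines this lists the BHO with no file, the Justin.tv download and the two "Unknown owner" services as items to verify.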
  • Bogey
  • Genius
  • Posts: 8388
  • Loc: USA

I don't see anything there that would be causing you any problems at all. Did you run a scanner like Spyware Doctor or something like that?

Did you run your ESET Smart Security? What are the results?
  • bbgrh
  • Novice
  • Posts: 20

Bogey wrote:
I don't see anything there that would be causing you any problems at all. Did you run a scanner like Spyware Doctor or something like that?

Did you run your ESET Smart Security? What are the results?




Hi, thanks for the response, I appreciate it so much.

I have Spybot Search & Destroy installed, as well as Ad-Aware. Scans with both come up with nothing.

Do you suggest I run a scan with Spyware Doctor? I can do it if you think it's a better program.

I ran ESET, but it identifies keygens (there are quite a few) and I am not sure how to make it not quarantine or make changes to the program when it scans. A bunch of programs don't work after an ESET scan.

Wow, so I guess I am just paranoid. That's interesting, thank you for your input on that, and taking the time to help me.

I have a couple more questions, if you have time to answer them, that would be wonderful.

Is there a way for me to know if and when someone accesses my webcam without my knowledge?

Someone told me to go to my event viewer, and to the security tab, to see a log of when people have changed something in my computer. Is it true that the "audit failed"s are when people tried to access and make changes to my computer?

I know I am not just paranoid about getting my private pictures taken from my computer lately. I have found them posted in various places on the web, by searching for them by filename. It appears to me to be a bot posting them, but a lot of the pages are in other languages.

Is there anything else you can tell me?
  • Bogey
  • Genius
  • Posts: 8388
  • Loc: USA

I don't know if Spyware Doctor is the better program, but it has found a number of stuff that Spyware S & D or Ad-Aware haven't found. The only problem with Spyware Doctor is that it is not for free if you intend to remove something with it... but it will scan your computer and give you the results for free.

You could do it, make a screenshot of the results, and then post the screenshot here with the results, if there are any... or maybe you're just paranoid.

About those images you have of you on other sites... they could have been retrieved from the storage facilities you have given them to...

And I don't know about those questions... I'm sure though that there are some people on ozzu that would be of good assistance there.
  • bbgrh
  • Novice
  • Posts: 20

Bogey wrote:
I don't know if Spyware Doctor is the better program, but it has found a number of stuff that Spyware S & D or Ad-Aware haven't found. The only problem with Spyware Doctor is that it is not for free if you intend to remove something with it... but it will scan your computer and give you the results for free.

You could do it, make a screenshot of the results, and then post the screenshot here with the results, if there are any... or maybe you're just paranoid.

About those images you have of you on other sites... they could have been retrieved from the storage facilities you have given them to...

And I don't know about those questions... I'm sure though that there are some people on ozzu that would be of good assistance there.






Hi again, I downloaded spyware doctor free. It found this:

http://s255.photobucket.com/albums/hh13 ... esults.jpg

The backdoor looks to have come from an IRC attack, like I thought.

What do I do now?? Please help!

I also need to know if there is a way I can find out if and when someone is accessing my webcams without my knowledge.

thanks again,
angela

thanks
  • Bogey
  • Genius
  • Posts: 8388
  • Loc: USA

Can you do that again and get a bigger picture? I don't have a magnifying glass at the moment :D

I can't help you at the moment since I can't read anything in that image and it doesn't look like there is any way to get the picture to get bigger... downloading it would still result in that small image and there doesn't seem to be an option to see it in full view.
  • bbgrh
  • Novice
  • Posts: 20

Bogey wrote:
Can you do that again and get a bigger picture? I don't have a magnifying glass at the moment :D

I can't help you at the moment since I can't read anything in that image and it doesn't look like there is any way to get the picture to get bigger... downloading it would still result in that small image and there doesn't seem to be an option to see it in full view.




Oh oooops sorry I feel silly now. I don't even know how to do this right.... but I think I got it now. One of these should work...

Image


Hopefully you can see what I am referring to, the last line about backdoor.rbot!ct

The program file it is in is a program I use, Jasc, but I do not use that particular photo program. I only have installed Jasc Paintshop Pro. The backdoor refers to a Jasc photo program that I don't think I have installed.

Thanks for being so patient with me, you're awesome!!
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • Posts: 2733
  • Loc: Nashville, TN

Keep in mind that Spyware Doctor is selling a product. They want you to think you need to purchase their software. Wouldn't be the first false-positive bait scheme I've ever seen.
  • bbgrh
  • Novice
  • Posts: 20

UPSGuy wrote:
Keep in mind that Spyware Doctor is selling a product. They want you to think you need to purchase their software. Wouldn't be the first false-positive bait scheme I've ever seen.



Good point. I really believe someone got into my computer though. I angered someone on mIRC and suddenly my laptop is acting funny.
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • Posts: 2733
  • Loc: Nashville, TN

If you've already used spybot S&D and adaware, try the product at malwarebytes.org. It's highly recommended by a few guys here that I trust. If you still think someone could be accessing your machine, then get a good firewall solution, a good AV scanner, and let us know what the curious behaviors are that you find suspect.
  • bbgrh
  • Novice
  • Posts: 20

UPSGuy wrote:
If you've already used spybot S&D and adaware, try the product at malwarebytes.org. It's highly recommended by a few guys here that I trust. If you still think someone could be accessing your machine, then get a good firewall solution, a good AV scanner, and let us know what the curious behaviors are that you find suspect.



Thank you, I downloaded Malwarebytes and ran a scan.
It found something in my registry but it looked like an error... I had the program fix it.
I thought I had copied the screenshot but I was in a hurry. After the fix, I noticed my clipboard was empty. So, likely by my own fault, I still don't know if I had a problem or if it was even fixed or not, because I don't know what to refer to now...

I am still trying to figure out if there is a way for me to know if and when someone is accessing my webcam.

I know it is possible because I work on a webcam site and people are supposed to pay for it, at certain times, and they have described what I was doing in private paid chat when they shouldn't have been able to see it. Is that a result of the lack of security for the site I work for? Or is it the actual webcam exploit? Apparently a lot of hackers know about this program to see anyone's webcam at any time. I would love more info related to this topic, and info on how to protect myself against this. Even just being able to tell if someone is accessing it.

I just need some advice.
Someone please help me.

I will post the symptoms that lead me to believe someone is accessing my laptop, when I am able to tell if it is still happening. I am hoping maybe the problem is fixed? .... :/

I am sorry for all the questions and for jumping around between subjects, but I need to know some stuff because not knowing can be dangerous and also if you don't ask you will never know! And I know how to use Google and I read a lot and try to figure things out on my own before I ask.
I really appreciate your help.
Thanks in advance....
  • bbgrh
  • Novice
  • Posts: 20

Malwarebytes' Anti-Malware 1.39
Database version: 2481
Windows 6.0.6001 Service Pack 1

7/22/2009 1:34:53 PM
mbam-log-2009-07-22 (13-34-39).txt

Scan type: Quick Scan
Objects scanned: 81434
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • Posts: 2733
  • Loc: Nashville, TN

If they're accessing via webcam, there's probably a hole in your site's access system or software. Have a look at this quick Google search, for instance.
  • bbgrh
  • Novice
  • Posts: 20

Now I purchased a new hard drive after I dropped my laptop and the hard drive started making noises. It is still accessible so I thought it would be good to change it out for a bigger one. So I did, and I didn't make Vista recovery discs, but I am going to put the old drive back in and do that (discless install originally). Anyways, as the old drive has viruses on it, I installed what I thought was a good copy on a disc from someone I thought was knowledgeable about computers enough to know what they were giving me was legit.

So I install it and now I am running some version of Vista that I have never seen anything like before, and I think someone is accessing it remotely. They've installed some keylogging crap (because when I start to type, the cursor jumps to the left 5 keys or to the previous field), but I only suspect some real bad things are going on because I think I recognize the words as red flags, and that's the extent of my knowledge. I don't know what to do beyond that.

I have it all set up on this OS the way I want, all my programs are ready to go, and some I don't have discs for anymore... It would be a pain but I can wipe it all out and start over with legit recovery discs from my old drive, but I want to avoid that if possible. The thing is, I think if it's possible, this version of Vista is unusable; somehow it has my settings so I can't change them.

The menu to log off has changed. Now there is no "restart" and I must log off and then restart. And sometimes it asks me if I want to log off when I turn it off, because there are other users logged into my computer!!! I am the only one who should be.

I have a svchost.exe that doesn't run in safe mode that takes up around 58,000 K all the time. I have created memory dump files, which I have tried to attach but couldn't.

Two files appeared in my user file, which are hidden and they are not deletable and they are called ntuser.dat.LOG1 and ntuser.dat.LOG2.

It has placed my computer into a business workgroup and even called it WORKGROUP and I cannot change it. It sets itself back to that on reboot.

I think it's happening during reboot. I did a pre-boot scan using avast and avast found viruses in some downloads of mine, but this behavior and the problems I am describing started long before anything was downloaded.

I have even had my screen resetting a lot, and at one point, I could see an icon under my start button.

I don't know if anyone can tell me what is going on. At this point I have been troubleshooting and learning and would like to know I am not crazy. There's also a lanman service popping up, printer spooler... all bad things from what I know, am I right?

Here are some logs from different tools I have run...

Process PID CPU Description Company Name
System Idle Process 0 98.66
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 456 Windows Session Manager Microsoft Corporation
csrss.exe 524 Client Server Runtime Process Microsoft Corporation
wininit.exe 576 Windows Start-Up Application Microsoft Corporation
services.exe 624 Services and Controller app Microsoft Corporation
svchost.exe 820 Host Process for Windows Services Microsoft Corporation
nvvsvc.exe 876 NVIDIA Driver Helper Service, Version 177.13 NVIDIA Corporation
rundll32.exe 1384 Windows host process (Rundll32) Microsoft Corporation
svchost.exe 904 Host Process for Windows Services Microsoft Corporation
svchost.exe 940 Host Process for Windows Services Microsoft Corporation
svchost.exe 1024 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1248 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1092 Host Process for Windows Services Microsoft Corporation
dwm.exe 532 Desktop Window Manager Microsoft Corporation
svchost.exe 1136 Host Process for Windows Services Microsoft Corporation
taskeng.exe 464 Task Scheduler Engine Microsoft Corporation
taskeng.exe 888 Task Scheduler Engine Microsoft Corporation
svchost.exe 1276 Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1300 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1348 Host Process for Windows Services Microsoft Corporation
svchost.exe 1560 Host Process for Windows Services Microsoft Corporation
aswUpdSv.exe 1696 avast! Antivirus updating service ALWIL Software
ashServ.exe 1708 avast! antivirus service ALWIL Software
svchost.exe 1900 Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 1676 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 744 Bonjour Service Apple Inc.
iPodService.exe 1556 iPodService Module Apple Inc.
svchost.exe 2072 Host Process for Windows Services Microsoft Corporation
svchost.exe 2184 Host Process for Windows Services Microsoft Corporation
svchost.exe 2224 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2276 Microsoft Windows Search Indexer Microsoft Corporation
XAudio.exe 2460 Modem Audio Service Conexant Systems, Inc.
SDWinSec.exe 2648 Spybot-S&D Security Center integration Safer Networking Ltd.
ashMaiSv.exe 2952 avast! e-Mail Scanner Service ALWIL Software
ashWebSv.exe 2996 avast! Web Scanner ALWIL Software
lsass.exe 672 Local Security Authority Process Microsoft Corporation
lsm.exe 684 Local Session Manager Service Microsoft Corporation
csrss.exe 588 Client Server Runtime Process Microsoft Corporation
winlogon.exe 648 Windows Logon Application Microsoft Corporation
explorer.exe 828 Windows Explorer Microsoft Corporation
ashDisp.exe 1400 avast! service GUI component ALWIL Software
wmpnscfg.exe 3348 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
iTunes.exe 3676 iTunes Apple Inc.
AppleMobileDeviceHelper.exe 3024 AppleMobileDeviceHelper
distnoted.exe 1828 distnoted.exe
firefox.exe 3848 Firefox Mozilla Corporation
AutoRun.exe 3460
taskmgr.exe 2068 Windows Task Manager Microsoft Corporation
PROCEXP.EXE 2284 Sysinternals Process Explorer Sysinternals
  • bbgrh
  • Novice
  • Posts: 20

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\Windows\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avast! avast! service GUI component ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ Microsoft Windows Mail 7 Windows Mail Microsoft Corporation c:\program files\windows mail\winmail.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregmp2.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregmp2.exe
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ &Links Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ .contact shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ .cpl, .dll, .exe, .ocx, .rll or .sys files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ .fon, .otf, .ttc or .ttf files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ .group shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Add New Hardware Add Hardware Wizard Microsoft Corporation c:\windows\system32\hdwwiz.exe
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Alphabetical Categorizer Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Audio Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediametadatahandler.dll
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ BitLocker Drive Encryption CPL Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ Client application shell extension Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Client Side Cache Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Color Control Panel Applet Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorcpl.exe
+ Command Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Common Places Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Compatibility Property Page Compatibility Tab Shell Extension Library Microsoft Corporation c:\windows\system32\acppage.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Context Menu Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Drop Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Computers and Devices Network Explorer Microsoft Corporation c:\windows\system32\networkexplorer.dll
+ contact_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Control Panel Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Control Panel command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\control.exe
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Default Programs command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\control.exe
+ Desktop Shortcut Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Device Manager Device Manager MMC Snapin Microsoft Corporation c:\windows\system32\devmgr.dll
+ DfsShell.DfsShell Property Sheet Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ DropTarget Object for Photo Printing Wizard Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ EMDFileProperties ReadyBoost Service Microsoft Corporation c:\windows\system32\emdmgmt.dll
+ Enhanced Storage Data Source Windows Enhanced Storage Shell Extension Microsoft Corporation c:\windows\system32\ehstorshell.dll
+ Execute Folder ExplorerFrame Microsoft Corporation c:\windows\system32\explorerframe.dll
+ Explorer Browser Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Explorer Navigation Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Explorer Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Explorer Travel Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ File Backup Index Microsoft® Windows Backup Shell Extension Microsoft Corporation c:\windows\system32\sdshext.dll
+ File Open Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ File Save Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ Folder Options Windows host process (Rundll32) Microsoft Corporation c:\windows\system32\rundll32.exe
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ For &People... Find People Microsoft Corporation c:\program files\windows mail\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ Games Folder Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ GameUX.RichGameMediaThumbnail Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ Get Programs Online Windows host process (Rundll32) Microsoft Corporation c:\windows\system32\rundll32.exe
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ group_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ History Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ HTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ ICC Profile Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Monitor Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Printer Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Scanner Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ IE AutoComplete Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE BandProxy Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Custom MRU AutoCompleted List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Fade Task Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE History and Feeds Shell Data Source for Windows Search Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE IShellFolderBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Desk Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Site Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft BrowserBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft History AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE MRU AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Navigation Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Registry Tree Options Utility Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE RSS Feeder Folder Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Search Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Band Site Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Rebar BandSite Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Tracking Shell Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IGD Property Sheet Handler Internet Gateway Device properties Microsoft Corporation c:\windows\system32\icsigd.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Install New Programs Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Installed Updates Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ InternetShortcut Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IPropertyStore Handler for Images Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ iSCSI Initiator Microsoft iSCSI Initiator Configuration Tool Microsoft Corporation c:\windows\system32\iscsicpl.exe
+ iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ Layout Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Mail Service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Manage Wireless Networks Wireless Preferred Networks Microsoft Corporation c:\windows\system32\wlanpref.dll
+ MAPI Search Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Breadcrumb Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft CommBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Power Options Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Web Browser Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Windows Font File Context Menu Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font File Icon Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font Folder Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font Previewer Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows MAPI Preview Handler MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.dll
+ Microsoft Windows RTF Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Microsoft XPS Properties Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshhdr.dll
+ Microsoft XPS Thumbnail Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshhdr.dll
+ Microsoft.ScannersAndCameras Imaging Devices Control Panel Microsoft Corporation c:\program files\windows photo gallery\imagingdevices.exe
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ Mobility Center Control Panel Windows Mobility Center Microsoft Corporation c:\windows\system32\mblctr.exe
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ MSHTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocuments menu and properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyFolder Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ nethood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Explorer Property Sheet Handler Advanced network device properties Microsoft Corporation c:\windows\system32\ncdprop.dll
+ New Shortcut Wizard Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ New Shortcut Wizard Modal Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Office Document Property Handler Microsoft Property System Microsoft Corporation c:\windows\system32\propsys.dll
+ Offline Files Context Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Icon Overlay Handler Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Property Sheet Extension Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ OlePrn.PrinterURL Oleprn DLL Microsoft Corporation c:\windows\system32\oleprn.dll
+ Photo Thumbnail Extractor Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ Photo Thumbnail Provider Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ PhotoAcqDropTarget Photo Acquisition Microsoft Corporation c:\program files\windows photo gallery\photoacq.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ Portable Devices Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Devices Menu Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Print Ordering via the Web Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ printhood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Problem Reports and Solutions Problem Reports and Solutions Microsoft Corporation c:\windows\system32\wercon.exe
+ Programs and Features Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Programs Folder and Fast Items Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Property Labels Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Public Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ RichGameMediaPropertyStore Class Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Search Control Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Search Execute Command ExplorerFrame Microsoft Corporation c:\windows\system32\explorerframe.dll
+ Search Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Folders Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft (R) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Icon Handler for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim.dll
+ Shell Message Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ ShellLink for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim.dll
+ Shortcut Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Show Desktop Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Start Menu OEM Command Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Sync Center Conflict Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Conflict Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Conflict Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Device Notification Sink Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Event Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Handler Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Item Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Simple Conflict Presenter Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Results Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Results Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Setup Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Setup Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Tablet PC Input Panel Microsoft Tablet Input Band Microsoft Corporation c:\program files\common files\microsoft shared\ink\tipband.dll
+ Taskbar and Start Menu Windows host process (Rundll32) Microsoft Corporation c:\windows\system32\rundll32.exe
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ The Internet Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Touch Band Microsoft Tablet PC Touch Input Component Microsoft Corporation c:\windows\system32\touchx.dll
+ Tree property value folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ User Accounts Advanced User Accounts Control Panel Microsoft Corporation c:\windows\system32\netplwiz.exe
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ users files delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Video Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediametadatahandler.dll
+ Video Thumbnail Extractor Media Metadata Handler Microsoft Corporation c:\windows\system32\mediametadatahandler.dll
+ View Available Networks View Available Networks Microsoft Corporation c:\windows\system32\van.dll
+ Web Printer Shell Extension Printer Settings User Interface Microsoft Corporation c:\windows\system32\printui.dll
+ Web Publishing Wizard Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Welcome Center Welcome Center Microsoft Corporation c:\windows\system32\oobefldr.dll
+ Window Switcher Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Window TXT Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Windows Contact Preview Handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Windows Defender Windows Defender User Interface Microsoft Corporation c:\program files\windows defender\msascui.exe
+ Windows Defender IOfficeAntiVirus implementation IOfficeAntiVirus Module Microsoft Corporation c:\program files\windows defender\mpoav.dll
+ Windows Features Windows Features Microsoft Corporation c:\windows\system32\optionalfeatures.exe
+ Windows Firewall Windows Firewall Control Panel Microsoft Corporation c:\windows\system32\firewallcontrolpanel.exe
+ Windows gadget DropTarget Sidebar droptarget Microsoft Corporation c:\program files\windows sidebar\sbdrop.dll
+ Windows Media Player Windows Media Player Deskband Microsoft Corporation c:\program files\windows media player\wmpband.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Shop Music Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Photo Gallery Viewer Image Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Photo Gallery Viewer Video Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Sidebar Properties Windows Sidebar Microsoft Corporation c:\program files\windows sidebar\sidebar.exe
+ Windows Update Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ Wireless Devices Function Discovery Folder Microsoft Corporation c:\windows\system32\functiondiscoveryfolder.dll
+ WPL property store Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
  • bbgrh
  • Novice
  • Posts: 20

Post 3+ Months Ago

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ ieframe.dll Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
HKLM\System\CurrentControlSet\Services
+ AeLookupSvc Processes application compatibility cache requests for applications as they are launched Microsoft Corporation c:\windows\system32\aelupsvc.dll
+ Apple Mobile Device Provides the interface to Apple mobile devices. Apple Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ aswUpdSv Provides automatic updating for the avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe
+ AudioEndpointBuilder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audiosrv.dll
+ Audiosrv Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audiosrv.dll
+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. ALWIL Software c:\program files\alwil software\avast4\ashserv.exe
+ BFE The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Microsoft Corporation c:\windows\system32\bfe.dll
+ BITS Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Microsoft Corporation c:\windows\system32\qmgr.dll
+ Bonjour Service Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start. Apple Inc. c:\program files\bonjour\mdnsresponder.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\browser.dll
+ CryptSvc Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\cryptsvc.dll
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ Dhcp Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dhcpcsvc.dll
+ Dnscache The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dnsrslvr.dll
+ DPS The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dps.dll
+ ehstart Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center. Microsoft Corporation c:\windows\ehome\ehstart.dll
+ EMDMgmt Provides support for improving system performance using ReadyBoost. Microsoft Corporation c:\windows\system32\emdmgmt.dll
+ Eventlog This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Microsoft Corporation c:\windows\system32\wevtsvc.dll
+ EventSystem Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\es.dll
+ FDResPub Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Microsoft Corporation c:\windows\system32\fdrespub.dll
+ gpsvc The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Microsoft Corporation c:\windows\system32\gpsvc.dll
+ hidserv Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\hidserv.dll
+ IKEEXT The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Microsoft Corporation c:\windows\system32\ikeext.dll
+ iphlpsvc Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. Microsoft Corporation c:\windows\system32\iphlpsvc.dll
+ iPod Service iPod hardware management services Apple Inc. c:\program files\ipod\bin\ipodservice.exe
+ KtmRm Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM). Microsoft Corporation c:\windows\system32\msdtckrm.dll
+ LanmanWorkstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc.dll
+ lmhosts Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\lmhsvc.dll
+ MMCSS Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Microsoft Corporation c:\windows\system32\mmcss.dll
+ MpsSvc Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Microsoft Corporation c:\windows\system32\mpssvc.dll
+ netprofm Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Microsoft Corporation c:\windows\system32\netprofm.dll
+ NlaSvc Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\nlasvc.dll
+ nsi This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Microsoft Corporation c:\windows\system32\nsisvc.dll
+ nvsvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvvsvc.exe
+ PcaSvc Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start. Microsoft Corporation c:\windows\system32\pcasvc.dll
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\umpnpmgr.dll
+ PolicyAgent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Microsoft Corporation c:\windows\system32\ipsecsvc.dll
+ ProfSvc This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them. Microsoft Corporation c:\windows\system32\profsvc.dll
+ RpcSs Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly. Microsoft Corporation c:\windows\system32\rpcss.dll
+ SamSs The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Microsoft Corporation c:\windows\system32\lsass.exe
+ SBSDWSCService Spybot-S&D Security Center integration Safer Networking Ltd. c:\program files\spybot - search & destroy\sdwinsec.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\schedsvc.dll
+ SENS Monitors system events and notifies subscribers to COM+ Event System of these events. Microsoft Corporation c:\windows\system32\sens.dll
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ slsvc Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. Microsoft Corporation c:\windows\system32\slsvc.exe
+ stisvc Provides image acquisition services for scanners and cameras Microsoft Corporation c:\windows\system32\wiaservc.dll
+ SysMain Maintains and improves system performance over time. Microsoft Corporation c:\windows\system32\sysmain.dll
+ TabletInputService Enables Tablet PC pen and ink functionality Microsoft Corporation c:\windows\system32\tabsvc.dll
+ TBS Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Microsoft Corporation c:\windows\system32\tbssvc.dll
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network. Microsoft Corporation c:\windows\system32\trkwks.dll
+ upnphost Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\upnphost.dll
+ UxSms Provides Desktop Window Manager startup and maintenance services Microsoft Corporation c:\windows\system32\uxsms.dll
+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32time.dll
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webclnt.dll
+ WerSvc Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Microsoft Corporation c:\windows\system32\wersvc.dll
+ WinDefend Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions. Microsoft Corporation c:\program files\windows defender\mpsvc.dll
+ Winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\wmisvc.dll
+ Wlansvc This service enumerates WLAN adapters, manages WLAN connections and profiles. Microsoft Corporation c:\windows\system32\wlansvc.dll
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\wscsvc.dll
+ WSearch Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search. Microsoft Corporation c:\windows\system32\searchindexer.exe
+ wuauserv Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Microsoft Corporation c:\windows\system32\wuaueng.dll
+ wudfsvc Manages user-mode driver host processes Microsoft Corporation c:\windows\system32\wudfsvc.dll
+ XAudioService User-mode gate for Modem Speakerphone Conexant Systems, Inc. c:\windows\system32\drivers\xaudio.exe
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ AFD Ancilliary Function Driver for Winsock Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys
+ amdagp AMD NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\amdagp.sys
+ AmdK8 Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\amdk8.sys
+ aswFsBlk avast! mini-filter driver (aswFsBlk) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys
+ aswMonFlt avast! mini-filter driver (aswMonFlt) ALWIL Software c:\windows\system32\drivers\aswmonflt.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi ATAPI IDE Miniport Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ athr Atheros Extensible Wireless LAN device driver Atheros Communications, Inc. c:\windows\system32\drivers\athr.sys
+ bowser Implements the datagram receiver for the computer browser browser service. Microsoft Corporation c:\windows\system32\drivers\bowser.sys
+ BrFiltLo Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltlo.sys
+ BrFiltUp Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltup.sys
+ BrUsbSer Brother USB Serial Driver Brother Industries Ltd. c:\windows\system32\drivers\brusbser.sys
+ BthEnum Bluetooth Bus Extender Microsoft Corporation c:\windows\system32\drivers\bthenum.sys
+ BthPan Bluetooth Device (Personal Area Network) Microsoft Corporation c:\windows\system32\drivers\bthpan.sys
+ BTHPORT Bluetooth Bus Driver Microsoft Corporation c:\windows\system32\drivers\bthport.sys
+ BTHUSB Bluetooth Miniport Driver Microsoft Corporation c:\windows\system32\drivers\bthusb.sys
+ cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ CLFS Common Log (CLFS) Microsoft Corporation c:\windows\system32\clfs.sys
+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys
+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys
+ crcdisk Disk Block Verification Filter Driver Microsoft Corporation c:\windows\system32\drivers\crcdisk.sys
+ DfsC Client driver for access to DFS Namespaces Microsoft Corporation c:\windows\system32\drivers\dfsc.sys
+ disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ DXGKrnl Controls the underlying video driver stacks to provide fully-featured display capabilities. Microsoft Corporation c:\windows\system32\drivers\dxgkrnl.sys
+ E100B Intel(R) PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ E1G60 Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation c:\windows\system32\drivers\e1g60i32.sys
+ Ecache ReadyBoost Caching Driver Microsoft Corporation c:\windows\system32\drivers\ecache.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ FileInfo Collects information about files in memory to be consumed by other system services. Microsoft Corporation c:\windows\system32\drivers\fileinfo.sys
+ Filetrace ETW File Trace Filter Microsoft Corporation c:\windows\system32\drivers\filetrace.sys
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\drivers\fltmgr.sys
+ fvevol Bitlocker Drive Encryption Filter Driver Microsoft Corporation c:\windows\system32\drivers\fvevol.sys
+ gagp30kx MS Generic AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\drivers\gagp30kx.sys
+ GEARAspiWDM CD DVD Filter GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ HdAudAddService High Definition Audio Function Driver Microsoft Corporation c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver Microsoft Corporation c:\windows\system32\drivers\hdaudbus.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HSF_DPV HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsx_dpv.sys
+ HSXHWAZL HSF_HWAZL WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsxhwazl.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ IPNAT IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IRENUM IR Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ iScsiPrt Microsoft iSCSI Initiator Driver Microsoft Corporation c:\windows\system32\drivers\msiscsi.sys
+ kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kbdhid HID Keyboard Filter Driver Microsoft Corporation c:\windows\system32\drivers\kbdhid.sys
+ KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\drivers\ksecdd.sys
+ lltdio Link-Layer Topology Mapper I/O Driver Microsoft Corporation c:\windows\system32\drivers\lltdio.sys
+ luafv Virtualizes file write failures to per-user locations. Microsoft Corporation c:\windows\system32\drivers\luafv.sys
+ mdmxsdk Diagnostic Interface x86 Driver Conexant c:\windows\system32\drivers\mdmxsdk.sys
+ Modem Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\modem.sys
+ monitor Monitor Driver Microsoft Corporation c:\windows\system32\drivers\monitor.sys
+ mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ MountMgr Driver responsible with maintaining persistent drive letters and names for volumes Microsoft Corporation c:\windows\system32\drivers\mountmgr.sys
+ mpsdrv Windows Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic. Microsoft Corporation c:\windows\system32\drivers\mpsdrv.sys
+ MRxDAV WebDav Client Redirector Driver Microsoft Corporation c:\windows\system32\drivers\mrxdav.sys
+ mrxsmb Implements the framework for the SMB filesystem redirector Microsoft Corporation c:\windows\system32\drivers\mrxsmb.sys
+ mrxsmb10 Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers Microsoft Corporation c:\windows\system32\drivers\mrxsmb10.sys
+ mrxsmb20 Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers Microsoft Corporation c:\windows\system32\drivers\mrxsmb20.sys
+ msisadrv ISA Driver Microsoft Corporation c:\windows\system32\drivers\msisadrv.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys
+ Mup Multiple UNC Provider Microsoft Corporation c:\windows\system32\drivers\mup.sys
+ NativeWifiP NativeWiFi Miniport Driver Microsoft Corporation c:\windows\system32\drivers\nwifi.sys
+ NDIS NDIS System Driver Microsoft Corporation c:\windows\system32\drivers\ndis.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS User mode I/O driver Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ Netaapl Apple Mobile Device Ethernet Apple Inc. c:\windows\system32\drivers\netaapl.sys
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\drivers\netbios.sys
+ netbt This service implements NetBios over TCP/IP. Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ nsiproxy NSI proxy service Microsoft Corporation c:\windows\system32\drivers\nsiproxy.sys
+ nv_agp NForce NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\nv_agp.sys
+ NVENETFD NVIDIA MCP Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvmfdx32.sys
+ nvlddmkm NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.13 NVIDIA Corporation c:\windows\system32\drivers\nvlddmkm.sys
+ nvsmu NVIDIA® nForce(TM) SMU Microcontroller Driver NVIDIA Corporation c:\windows\system32\drivers\nvsmu.sys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ partmgr Disk class filter driver that auctions out partitions to volume managers Microsoft Corporation c:\windows\system32\drivers\partmgr.sys
+ Parvdm VDM Parallel Driver Microsoft Corporation c:\windows\system32\drivers\parvdm.sys
+ pci NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ pciide Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ PEAUTH Protected Environment Authentication and Authorization Export Driver Microsoft Corporation c:\windows\system32\drivers\peauth.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\pacer.sys
+ QWAVEdrv Quality Windows Audio/Video Experience component driver Microsoft Corporation c:\windows\system32\drivers\qwavedrv.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ RasSstp WAN Miniport (SSTP) Microsoft Corporation c:\windows\system32\drivers\rassstp.sys
+ rdbss Provides the framework for network mini-redirectors Microsoft Corporation c:\windows\system32\drivers\rdbss.sys
+ RDPCDD RDPDD Chained DD Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ RDPENCDD RDP Encoder Mirror Driver Microsoft Corporation c:\windows\system32\drivers\rdpencdd.sys
+ RFCOMM Bluetooth Device (RFCOMM Protocol TDI) Microsoft Corporation c:\windows\system32\drivers\rfcomm.sys
+ rimmptsk RICOH MMC Driver REDC c:\windows\system32\drivers\rimmptsk.sys
+ rimsptsk RICOH MS Driver REDC c:\windows\system32\drivers\rimsptsk.sys
+ rspndr Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation c:\windows\system32\drivers\rspndr.sys
+ sdbus SecureDigital Bus Driver Microsoft Corporation c:\windows\system32\drivers\sdbus.sys
+ Serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ sffdisk Small Form Factor Disk Driver Microsoft Corporation c:\windows\system32\drivers\sffdisk.sys
+ sffp_mmc Small Form Factor MMC Protocol Driver Microsoft Corporation c:\windows\system32\drivers\sffp_mmc.sys
+ sffp_sd Small Form Factor SD Protocol Driver Microsoft Corporation c:\windows\system32\drivers\sffp_sd.sys
+ sisagp SIS NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\sisagp.sys
+ Smb Microsoft NetbiosSmb Device Driver Microsoft Corporation c:\windows\system32\drivers\smb.sys
+ srv Server driver Microsoft Corporation c:\windows\system32\drivers\srv.sys
+ srv2 Default SDDL for Windows Resource Protected file Microsoft Corporation c:\windows\system32\drivers\srv2.sys
+ srvnet Server Network driver Microsoft Corporation c:\windows\system32\drivers\srvnet.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ Tcpip6 Microsoft IPv6 Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ tcpipreg Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality. Microsoft Corporation c:\windows\system32\drivers\tcpipreg.sys
+ TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdpipe.sys
+ TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdtcp.sys
+ tdx NetIO Legacy TDI Support Driver Microsoft Corporation c:\windows\system32\drivers\tdx.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ tssecsrv Terminal Services Security Filter Driver Microsoft Corporation c:\windows\system32\drivers\tssecsrv.sys
+ tunmp Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunmp.sys
+ tunnel Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunnel.sys
+ uagp35 MS AGPv3.5 Filter Microsoft Corporation c:\windows\system32\drivers\uagp35.sys
+ uliagpkx ULi AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\drivers\uliagpkx.sys
+ umbus User-Mode Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\umbus.sys
+ USBAAPL Apple Mobile Device USB Driver Apple, Inc. c:\windows\system32\drivers\usbaapl.sys
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ usbohci OHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbohci.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbvideo USB Video Class Driver Microsoft Corporation c:\windows\system32\drivers\usbvideo.sys
+ vga VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vgapnp.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ viaagp VIA NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\viaagp.sys
+ volmgr Volume Manager Driver Microsoft Corporation c:\windows\system32\drivers\volmgr.sys
+ volmgrx Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks Microsoft Corporation c:\windows\system32\drivers\volmgrx.sys
+ volsnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\drivers\volsnap.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ Wanarpv6 Remote Access IPv6 ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ Wdf01000 WDF Dynamic Microsoft Corporation c:\windows\system32\drivers\wdf01000.sys
+ winachsf HSF_CNXT driver Conexant Systems, Inc. c:\windows\system32\drivers\hsx_cnxt.sys
+ WmiAcpi Windows Management Interface for ACPI Microsoft Corporation c:\windows\system32\drivers\wmiacpi.sys
+ WpdUsb WPD USB Driver Microsoft Corporation c:\windows\system32\drivers\wpdusb.sys
+ WUDFRd Windows Driver Foundation - User-mode Driver Framework Reflector Microsoft Corporation c:\windows\system32\drivers\wudfrd.sys
+ XAudio Modem Audio Device Driver Conexant Systems, Inc. c:\windows\system32\drivers\xaudio.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ clbcatq COM+ Configuration Catalog Microsoft Corporation c:\windows\system32\clbcatq.dll
+ COMDLG32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ IERTUTIL Run time utility for Internet Explorer Microsoft Corporation c:\windows\system32\iertutil.dll
+ IMAGEHLP Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ IMM32 Multi-User Windows IMM32 API Client DLL Microsoft Corporation c:\windows\system32\imm32.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ LPK Language Pack Microsoft Corporation c:\windows\system32\lpk.dll
+ MSCTF MSCTF Server DLL Microsoft Corporation c:\windows\system32\msctf.dll
+ MSVCRT Windows NT CRT DLL Microsoft Corporation c:\windows\system32\msvcrt.dll
+ NORMALIZ Unicode Normalization DLL Microsoft Corporation c:\windows\system32\normaliz.dll
+ NSI NSI User-mode interface DLL Microsoft Corporation c:\windows\system32\nsi.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ OLEAUT32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ Setupapi Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll
+ SHELL32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SHLWAPI Shell Light-weight Utility Library Microsoft Corporation c:\windows\system32\shlwapi.dll
+ URLMON OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Multi-User Windows USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ USP10 Uniscribe Unicode script processor Microsoft Corporation c:\windows\system32\usp10.dll
+ WININET Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ WLDAP32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
+ WS2_32 Windows Socket 2.0 32-Bit DLL Microsoft Corporation c:\windows\system32\ws2_32.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\Windows\system32\logon.scr Logon Screen Saver Microsoft Corporation c:\windows\system32\logon.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0111BD14-EEDD-4ED9-91B6-9F9E0445875D}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0111BD14-EEDD-4ED9-91B6-9F9E0445875D}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{03067A94-3C3B-402C-A047-368234E053E7}] DATAGRAM 10 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{03067A94-3C3B-402C-A047-368234E053E7}] SEQPACKET 10 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{79C1AF7D-7F8C-457F-86C1-CA059C1F3FC5}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{79C1AF7D-7F8C-457F-86C1-CA059C1F3FC5}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84D29E27-AB7F-4137-A426-1BA9BAC0DF50}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84D29E27-AB7F-4137-A426-1BA9BAC0DF50}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{878083FF-2479-4668-917E-4EED3C98647D}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{878083FF-2479-4668-917E-4EED3C98647D}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{94BD6379-6369-41AF-9FDE-0F8A3EE46C13}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{94BD6379-6369-41AF-9FDE-0F8A3EE46C13}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0111BD14-EEDD-4ED9-91B6-9F9E0445875D}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0111BD14-EEDD-4ED9-91B6-9F9E0445875D}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{03067A94-3C3B-402C-A047-368234E053E7}] DATAGRAM 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{03067A94-3C3B-402C-A047-368234E053E7}] SEQPACKET 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{79C1AF7D-7F8C-457F-86C1-CA059C1F3FC5}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{79C1AF7D-7F8C-457F-86C1-CA059C1F3FC5}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{878083FF-2479-4668-917E-4EED3C98647D}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{878083FF-2479-4668-917E-4EED3C98647D}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD RfComm [Bluetooth] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP UDP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP UDPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ credssp.dll TS Single Sign On Security Package Microsoft Corporation c:\windows\system32\credssp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll
+ tspkg Web Service Security Package Microsoft Corporation c:\windows\system32\tspkg.dll
+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ GenericProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ NPProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ PasswordProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ Smartcard Credential Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartcardcredentialprovider.dll
+ Smartcard Pin Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartcardcredentialprovider.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ GenericFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ RemoteLogonFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CRasProvider RAS PLAP Credential Provider Microsoft Corporation c:\windows\system32\rasplap.dll
  • bbgrh
  • Novice
  • Posts: 20

Post 3+ Months Ago

I keep formatting my laptop and getting new viruses. I think it's a rootkit or something else like that, which I know nothing about, but am willing to learn.
I'm missing something here.
Any advice would be appreciated, even if it is f disc..... :)


DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 13:09:57.41 on Sun 10/04/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3006.2066 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\software\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp:// (references google)
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\dybjcqwg.default\
FF - prefs.js: browser.startup.homepage - http:// (references google)
FF - plugin: c:\program files\ditunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: (*references microsoftdotnet) Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\*microsoftdotnet\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-1 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-30 53328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-1 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384]
S4 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]

=============== Created Last 30 ================

2009-10-04 12:44 <DIR> --d----- c:\windows\system32\FxsTmp
2009-10-04 12:44 <DIR> --d----- c:\windows\addins
2009-10-04 12:44 <DIR> --d----- c:\program files\Windows Collaboration
2009-10-04 09:21 <DIR> --d----- c:\windows\ShellNew
2009-10-04 09:21 <DIR> --d----- c:\program files\BitLocker
2009-10-04 09:21 <DIR> --d----- c:\program files\Windows Journal
2009-10-04 04:21 <DIR> --d----- c:\windows\system32\RTCOM
2009-10-04 04:16 211 a------- C:\CD Drive - Shortcut.lnk
2009-10-04 04:16 129 a------- C:\CD Drive - Shortcut (2).lnk
2009-10-03 19:44 553 a------- c:\windows\USetup.iss
2009-10-03 19:43 <DIR> --d----- c:\program files\Realtek
2009-10-02 22:56 252,106,940 a------- c:\windows\MEMORY.DMP
2009-10-02 22:32 4,096 a------- c:\windows\d3dx.dat
2009-10-02 22:12 <DIR> --d----- c:\program files\HP
2009-10-02 09:49 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-01 22:31 <DIR> --d----- c:\programdata\Sony
2009-10-01 22:31 <DIR> --d----- c:\program files\Sony
2009-10-01 22:25 608,448 a------- c:\windows\system32\comctl32.ocx
2009-10-01 22:25 <DIR> --d----- c:\program files\Total Video Converter
2009-10-01 13:25 <DIR> --d----- c:\users\administrator\transfer
2009-10-01 11:39 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-01 11:39 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-01 11:38 <DIR> --d----- c:\program files\iPod
2009-10-01 11:38 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 11:38 <DIR> --d----- c:\program files\diTunes
2009-10-01 11:38 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 11:38 <DIR> --d----- c:\program files\Bonjour
2009-10-01 11:33 <DIR> --d----- c:\programdata\Apple
2009-10-01 11:08 <DIR> --d----- c:\users\admini~1\appdata\roaming\Shareaza
2009-10-01 11:08 <DIR> --d----- c:\program files\Shareaza
2009-10-01 11:04 <DIR> --d----- c:\program files\uTorrent
2009-10-01 11:03 <DIR> --d----- c:\users\admini~1\appdata\roaming\uTorrent
2009-10-01 11:02 <DIR> --d----- c:\users\admini~1\appdata\roaming\mIRC
2009-10-01 11:02 <DIR> --d----- c:\program files\mIRC
2009-10-01 10:21 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-01 10:21 1,409 a------- c:\windows\QTFont.for
2009-10-01 10:20 <DIR> --d----- c:\programdata\Apple Computer
2009-10-01 10:01 <DIR> --d----- c:\program files\Alcohol Soft
2009-10-01 09:49 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-10-01 09:33 <DIR> --d----- c:\program files\plasq
2009-10-01 09:32 <DIR> --d----- c:\program files\MagicISO
2009-10-01 09:30 <DIR> --d----- c:\program files\MixMeister Pro 6
2009-10-01 09:29 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 08:28 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-10-01 08:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-01 08:28 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-10-01 07:47 <DIR> --d----- c:\programdata\Temp
2009-10-01 07:36 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8285701_EU_4A_I30CF_SQuanta_V85.26_F.32_T090303_WV1-2_L409_M3007_J500_7AMD_8F82_92.00_#091001_N168C001C;10DE054C_(FE653UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-10-01 07:06 <DIR> --d----- c:\users\admini~1\appdata\roaming\hpqLog
2009-10-01 07:05 12 a------- c:\windows\bthservsdp.dat
2009-10-01 06:29 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-01 06:23 <DIR> --d----- c:\windows\Downloaded Installations
2009-10-01 06:16 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-01 06:15 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-01 06:15 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-01 06:15 <DIR> --d----- c:\programdata\Lavasoft
2009-10-01 06:15 <DIR> --d----- c:\program files\Lavasoft
2009-10-01 06:07 <DIR> --d----- c:\program files\DivX
2009-10-01 06:07 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-01 06:04 819,200 a------- c:\windows\system32\xvidcore.dll
2009-10-01 06:04 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-10-01 06:04 77,824 a------- c:\windows\system32\xvid.ax
2009-10-01 06:04 <DIR> --d----- c:\program files\Xvid
2009-10-01 06:01 <DIR> --d----- c:\program files\Trend Micro
2009-10-01 05:31 42,807 a------- c:\programdata\nvModes.dat
2009-10-01 05:31 42,807 a------- c:\progra~2\nvModes.dat
2009-10-01 04:41 <DIR> --d----- C:\swsetup
2009-10-01 00:19 <DIR> --d----- c:\programdata\NVIDIA
2009-10-01 00:19 <DIR> --d----- c:\users\Administrator
2009-09-30 23:18 1,079,840 a------- c:\windows\system32\nvcpluir.dll
2009-09-30 23:18 768,544 a------- c:\windows\system32\nvcplui.exe
2009-09-30 23:18 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-09-30 23:18 313,888 a------- c:\windows\system32\nvexpbar.dll
2009-09-30 23:06 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-30 23:06 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-09-30 23:06 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-09-30 23:06 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-30 21:51 <DIR> --d----- c:\windows\pss
2009-09-30 21:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-09-30 21:41 <DIR> --d----- c:\program files\Synaptics
2009-09-30 21:38 90,112 a------- c:\windows\system32\snymsico.dll
2009-09-30 21:38 42,496 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-09-30 21:38 39,936 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-09-30 21:38 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-09-30 21:38 16,480 a------- c:\windows\system32\rixdicon.dll
2009-09-30 21:34 <DIR> --d----- c:\program files\CONEXANT
2009-09-30 21:30 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-09-30 21:30 356,352 a------- c:\windows\system32\nvusmu.exe
2009-09-30 21:30 528 a------- c:\windows\system32\nvsmu.nvu
2009-09-30 21:29 356,352 a------- c:\windows\system32\nvusmb.exe
2009-09-30 21:29 1,864 a------- c:\windows\system32\nvsmb.nvu
2009-09-30 21:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-09-30 21:13 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-30 20:31 873,310 a------- c:\windows\system32\oem4.inf
2009-09-30 20:00 <DIR> --d----- c:\windows\system32\no-NO
2009-09-30 20:00 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2009-09-30 20:00 6,656 a------- c:\windows\system32\bcmwlrc.dll
2009-09-30 20:00 3,809,280 a------- c:\windows\system32\bcmihvsrv.dll
2009-09-30 20:00 3,502,080 a------- c:\windows\system32\bcmihvui.dll
2009-09-30 20:00 1,331,192 a------- c:\windows\system32\drivers\BCMWL6.SYS
2009-09-30 20:00 <DIR> --d----- c:\program files\Broadcom
2009-09-30 20:00 43,988 a------- c:\windows\bcmwl.log.2
2009-09-30 20:00 32,573 a------- c:\windows\bcmwl.log.1
2009-09-30 19:50 909,824 a------- c:\windows\system32\drivers\athr.sys
2009-09-30 19:50 393,216 a------- c:\windows\system32\athihvs.dll
2009-09-30 19:50 376,832 a------- c:\windows\system32\S64CPA.exe
2009-09-30 19:50 53,248 a------- c:\windows\system32\athihvui.dll
2009-09-30 19:50 <DIR> --d----- c:\windows\system32\nn-NO
2009-09-30 19:49 <DIR> --d----- c:\program files\Cisco
2009-09-30 19:49 <DIR> --d----- c:\program files\Atheros
2009-09-30 19:49 <DIR> --d----- c:\programdata\Atheros
2009-09-30 19:49 <DIR> --d----- c:\progra~2\Atheros
2009-09-30 15:33 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-09-30 15:33 333,257 a--shr-- C:\bootmgr
2009-09-30 15:33 <DIR> --dsh--- C:\Boot
2009-09-30 15:02 <DIR> --d----- C:\software
2009-09-30 14:47 171,136 a--shr-- C:\LHLDR
2009-09-30 14:44 <DIR> --dsh--- c:\programdata\Documents
2009-09-30 14:44 <DIR> --dsh--- C:\Documents and Settings
2009-09-08 10:47 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 10:47 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-08 10:47 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 10:47 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 10:47 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 10:47 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-08 10:47 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 10:46 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 10:46 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-08 10:46 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 10:46 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 10:46 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 10:46 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 10:46 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 10:46 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 10:46 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 10:46 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 10:46 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-05 21:32 <DIR> --d----- c:\windows\Panther
2009-09-05 16:34 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-09-05 16:34 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-09-05 16:34 43,520 a------- c:\windows\system32\msdxm.tlb
2009-09-05 16:34 18,432 a------- c:\windows\system32\amcompat.tlb
2009-09-05 16:34 7,680 a------- c:\windows\system32\spwmp.dll
2009-09-05 16:34 4,096 a------- c:\windows\system32\msdxm.ocx
2009-09-05 16:34 4,096 a------- c:\windows\system32\dxmasf.dll
2009-09-05 16:33 71,680 a------- c:\windows\system32\atl.dll
2009-09-05 16:33 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-05 16:33 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 16:33 160,256 a------- c:\windows\system32\wkssvc.dll
2009-09-05 16:33 91,136 a------- c:\windows\system32\avifil32.dll
2009-09-05 16:32 2,048 a------- c:\windows\system32\tzres.dll
2009-09-05 16:32 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-09-05 16:32 2,034,688 a------- c:\windows\system32\win32k.sys
2009-09-05 16:32 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-05 16:32 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-05 16:32 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-05 16:32 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-05 16:32 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 16:32 270,848 a------- c:\windows\system32\schannel.dll
2009-09-05 16:32 72,704 a------- c:\windows\system32\secur32.dll
2009-09-05 16:32 9,728 a------- c:\windows\system32\lsass.exe
2009-09-05 16:31 623,616 a------- c:\windows\system32\localspl.dll
2009-09-05 16:31 289,792 a------- c:\windows\system32\atmfd.dll
2009-09-05 16:31 156,672 a------- c:\windows\system32\t2embed.dll
2009-09-05 16:31 23,552 a------- c:\windows\system32\lpk.dll
2009-09-05 16:31 72,704 a------- c:\windows\system32\fontsub.dll
2009-09-05 16:31 10,240 a------- c:\windows\system32\dciman32.dll
2009-09-05 16:31 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-09-05 11:50 72,704 a------- c:\windows\system32\admparse.dll
2009-09-05 11:47 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2009-09-05 11:47 711 a------- c:\windows\system32\CPSOKBTasks.xml
2009-09-05 11:45 <DIR> --dsh--- c:\windows\Installer
2009-09-05 11:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-05 11:40 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-05 11:40 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-05 11:40 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-10-04 05:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-04 05:06 51,200 a------- c:\windows\inf\infpub.dat
2009-10-04 04:41 86,016 a------- c:\windows\inf\infstor.dat
2009-10-03 21:45 319,456 a------- c:\windows\DIFxAPI.dll
2009-10-03 19:43 315,392 a------- c:\windows\HideWin.exe
2009-09-05 16:33 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-09-05 16:33 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-09-05 16:33 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-09-05 16:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-14 12:04 344,064 a------- c:\windows\system32\msvcr70.dll
2009-07-14 12:04 808,440 a------- c:\windows\system32\CDDBUI.dll
2009-07-14 12:04 796,152 a------- c:\windows\system32\CDDBControl.dll
2009-07-14 12:04 108,024 a------- c:\windows\system32\CddbLangIT.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangNL.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangFR.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangES.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangDE.dll
2009-07-14 12:04 83,448 a------- c:\windows\system32\CddbLangJA.dll
2009-04-11 06:23 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:11:04.39 ===============

Post Information

  • Total Posts in this topic: 17 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.