[Resolved] Help


  • This topic is locked
31 replies to this topic

#16 pjbipirate

pjbipirate

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 30 June 2008 - 12:05 PM

Hello, I am almost done with the scan. I just had a mysterious encounter with my computer today. I had bought a wireless router earlier this weekend and when I tried to connect onto the internet, I got a message box in the bottom left hand corner saying that the connection was very loose. So I disconnected the router and connected my normal modem. Then the connection was fine but when I used Mozilla the page would not load, as in it gave a message like you might have typed the wrong address, a firewall might be preventing you from accessing the internet and like your connection might be loose. Then I did the system restore (to a day before I put the wireless router, so basically 2 days before) and I got a funny message before the computer shut down, something about active com server or something like that. Then when the computer started, my internet worked perfect without the router and with the router. Anything fishy here? Thanks

#17 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 30 June 2008 - 07:34 PM

That sure sounds fishy but it doesn't sound malware-related. Did the message box actually say that the connection was "loose"? I couldn't tell you what the cause might have been, although the Tech Team who help in the general troubleshooting forums might know. This is exactly the kind of situation where System Restore is useful and I'm glad that it seems to have done the trick.

Edited by silver, 30 June 2008 - 07:34 PM.

ASAP & UNITE Member

#18 pjbipirate

Posted 01 July 2008 - 09:20 PM

Sorry I took so long. BTW, the run-time error box still pops up every time I start my computer. I followed all the instructions you gave me.

Here is the BlackLight report:

06/30/08 22:33:59 [Info]: BlackLight Engine 1.0.70 initialized
06/30/08 22:33:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/30/08 22:33:59 [Note]: 7019 4
06/30/08 22:33:59 [Note]: 7005 0
06/30/08 22:34:04 [Note]: 7006 0
06/30/08 22:34:04 [Note]: 7011 344
06/30/08 22:34:05 [Note]: 7035 0
06/30/08 22:34:05 [Note]: 7026 0
06/30/08 22:34:05 [Note]: 7026 0
06/30/08 22:34:12 [Note]: FSRAW library version 1.7.1024
06/30/08 22:47:06 [Note]: 2000 1012
06/30/08 22:51:05 [Note]: 7007 0

Here is the results.txt:

The operation completed successfully

The operation completed successfully

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:25 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lozdodge] C:\Program Files\LozWare\Lozdodge\LDG_Manager.exe HIDE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IcStarter.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers...eminfo/MSC3.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictu...aderControl.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

#19 silver

Posted 01 July 2008 - 09:49 PM

Hi pjbipirate,

Download Autoruns from here
  • Unzip/extract it to a folder on your desktop
  • Double click on autoruns.exe to start the program
  • Wait for it to finish scanning
  • Click File > Export As...
  • Save it to the desktop as autoruns.txt
  • Post the contents of autoruns.txt in your next response

ASAP & UNITE Member

#20 pjbipirate

Posted 02 July 2008 - 08:19 PM

Hello, I am almost done with the new scan you asked me to do. Latest by tomorrow I should have it posted. Something weird happened to my Yahoo e-mail account today. The e-mail works fine but when I open a message in my inbox, it loads, then as soon as it is done loading I am automatically directed to a different website. I was luckily able to get the website name, as on the bottom left hand corner of my Firefox browser it said something like transferring data from... Anyways, the website was something like js.worthathousandwords or something like that. Would you know how I could fix that? Thanks

#21 silver

Posted 02 July 2008 - 09:27 PM

Here is some information on the problem, let me know if it helps:
http://forums.mozill...h...38&t=716145
ASAP & UNITE Member

#22 pjbipirate

Posted 03 July 2008 - 11:58 PM

Hello, the link to that forum definitely helped. Thanks a lot!!! I added ad-blocker plus or something, as instructed by that forum and now I do not get that error anymore. Anyways, in terms of the error box, it still appears every time I reboot. Sorry for being so slow and thanks for bearing with me. Thanks a ton!!!

Here is the autoruns.txt:
c:\program files\java\jre6\bin\jqs.exe + lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\srvsvc.dll + lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc.dll + LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe + LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\lmhsvc.dll + LxrSII1s c:\windows\system32\lxrsii1s.exe + McrdSvc MCRD Device Service Microsoft Corporation c:\windows\ehome\mcrdsvc.exe + MDM Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly. Microsoft Corporation c:\program files\common files\microsoft shared\vs7debug\mdm.exe + PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe + Pml Driver HPZ12 PML Driver HP c:\windows\system32\hpzipm12.exe + PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. 
Microsoft Corporation c:\windows\system32\lsass.exe + ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe + RemoteRegistry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\regsvc.dll + RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\rpcss.dll + SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe + Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\schedsvc.dll + seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\seclogon.dll + SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\sens.dll + SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\ipnathlp.dll + ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\shsvcs.dll + Spooler Loads files to memory for later printing. 
Microsoft Corporation c:\windows\system32\spoolsv.exe + srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\srsvc.dll + SSDPSRV Enables discovery of UPnP devices on your home network. Microsoft Corporation c:\windows\system32\ssdpsrv.dll + stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\wiaservc.dll + Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs.dll + TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\trkwks.dll + W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32time.dll + WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webclnt.dll + WebFilter Provides Internet filtering services for your PC. c:\program files\blue coat k9 web protection\k9filter.exe + winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\wmisvc.dll + wscsvc Monitors system security settings and configurations. 
Microsoft Corporation c:\windows\system32\wscsvc.dll + wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\wuauserv.dll + WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\wzcsvc.dll HKLM\System\CurrentControlSet\Services + ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys + aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys + AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys + AgereSoftModem SoftModem Device Driver Agere Systems c:\windows\system32\drivers\agrsm.sys + ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys + AmdK8 AMD Processor Driver Advanced Micro Devices c:\windows\system32\drivers\amdk8.sys + Arp1394 1394 ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\arp1394.sys + ASPI ASPI for WIN32 Kernel Driver Adaptec c:\windows\system32\drivers\aspi32.sys + AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys + atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys + ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys + Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys + audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys + AvgLdx86 AVG AVI Loader Driver AVG Technologies CZ, s.r.o. c:\windows\system32\drivers\avgldx86.sys + AvgMfx86 AVG Resident Shield Minifilter Driver GRISOFT, s.r.o. 
c:\windows\system32\drivers\avgmfx86.sys + Beep BEEP Driver Microsoft Corporation c:\windows\system32\drivers\beep.sys + catchme File not found: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys + Cdaudio CD-ROM Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\cdaudio.sys + Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys + Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys + cwmtdi c:\windows\system32\drivers\cwmtdi.sys + Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys + dmio NT Disk Manager I/O Driver Microsoft Corp., Veritas Software c:\windows\system32\drivers\dmio.sys + dmload NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. c:\windows\system32\drivers\dmload.sys + DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys + drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys + ENTECH EnTech Taiwan c:\windows\system32\drivers\entech.sys + fasttx2k Promise FastTrak Series Driver for WindowsXP Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k.sys + Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys + Fips FIPS Crypto Driver Microsoft Corporation c:\windows\system32\drivers\fips.sys + Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys + FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\drivers\fltmgr.sys + Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys + GEARAspiWDM CD/DVD Class Filter Driver GEAR Software Inc. 
c:\windows\system32\drivers\gearaspiwdm.sys + Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys + HPZid412 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hpzid412.sys + HPZipr12 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hpzipr12.sys + HPZius12 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hpzius12.sys + HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys + i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys + i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys + Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys + Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys + IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys + IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys + IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys + IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys + IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys + isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys + Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys + kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys + KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\drivers\ksecdd.sys + lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys + LxrSII1d 
c:\windows\system32\drivers\lxrsii1d.sys + MHNDRV Multimedia Home Network component driver Microsoft Corporation c:\windows\system32\drivers\mhndrv.sys + mnmdd Frame buffer simulator Microsoft Corporation c:\windows\system32\drivers\mnmdd.sys + Modem Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\modem.sys + Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys + MountMgr Mount Manager Microsoft Corporation c:\windows\system32\drivers\mountmgr.sys + MRxDAV WebDav Client Redirector Microsoft Corporation c:\windows\system32\drivers\mrxdav.sys + MRxSmb MRXSMB Microsoft Corporation c:\windows\system32\drivers\mrxsmb.sys + Msfs Mailslot driver Microsoft Corporation c:\windows\system32\drivers\msfs.sys + MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys + MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys + MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys + mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys + Mup Multiple UNC Provider driver Microsoft Corporation c:\windows\system32\drivers\mup.sys + NDIS NDIS 5.1 wrapper driver Microsoft Corporation c:\windows\system32\drivers\ndis.sys + NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys + Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys + NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys + NDProxy NDIS Proxy Microsoft Corporation c:\windows\system32\drivers\ndproxy.sys + NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\drivers\netbios.sys + NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys + NIC1394 IEEE1394 Ndis Miniport and Call Manager Microsoft Corporation c:\windows\system32\drivers\nic1394.sys + 
Npfs NPFS Driver Microsoft Corporation c:\windows\system32\drivers\npfs.sys + Null NULL Driver Microsoft Corporation c:\windows\system32\drivers\null.sys + NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys + NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys + ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys + Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys + PartMgr Partition Manager Microsoft Corporation c:\windows\system32\drivers\partmgr.sys + PcdrNdisuio PCDRNDISUIO Usermode I/O Protocol Windows ® 2000 DDK provider c:\windows\system32\drivers\pcdrndisuio.sys + PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys + PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys + PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys + PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys + PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys + PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys + PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys + pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys + PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys + Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys + Ps2 PS2 SYS Hewlett-Packard Company c:\windows\system32\drivers\ps2.sys + PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. 
c:\windows\system32\drivers\ptilink.sys + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys + RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys + Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys + RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys + Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys + Rdbss Rdbss Microsoft Corporation c:\windows\system32\drivers\rdbss.sys + RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys + rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys + RDPWD RDP Terminal Stack Driver (US/Canada Only, Not for Export) Microsoft Corporation c:\windows\system32\drivers\rdpwd.sys + redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys + RTL8023xp Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtlnicxp.sys + rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys + Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
c:\windows\system32\drivers\secdrv.sys + Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys + Sfloppy SCSI Floppy Driver Microsoft Corporation c:\windows\system32\drivers\sfloppy.sys + splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys + sptd c:\windows\system32\drivers\sptd.sys + sr System Restore Filesystem Filter Driver Microsoft Corporation c:\windows\system32\drivers\sr.sys + Srv Srv Microsoft Corporation c:\windows\system32\drivers\srv.sys + swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys + swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys + sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys + Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys + TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdpipe.sys + TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdtcp.sys + TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys + Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys + usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys + usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys + usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys + usbohci OHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbohci.sys + usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys + usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys + USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys 
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys + VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys + VolSnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\drivers\volsnap.sys + Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys + WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys + wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys + WudfPf Provide communciation services for UMDF components. Microsoft Corporation c:\windows\system32\drivers\wudfpf.sys HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute + autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls + avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 
c:\windows\system32\avgrsstx.dll HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll + comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll + gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll + imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll + kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll + lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll + ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll + oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll + olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll + olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll + olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll + olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll + rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll + shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll + urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll + version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll + wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll + wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost + 
logonui.exe Windows Logon UI Microsoft Corporation c:\windows\system32\logonui.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify + AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll + crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll + cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll + cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll + ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll + SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + WgaLogon Windows Genuine Advantage Notification Microsoft Corporation c:\windows\system32\wgalogon.dll + wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries + 000000000001 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000002 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000003 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000004 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll + 000000000005 Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll + 000000000006 Microsoft Windows Sockets 2.0 
Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000007 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000008 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000009 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000010 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000011 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000012 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + 000000000013 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries + Network Location Awareness (NLA) Namespace Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + NTDS LDAP RnR Provider DLL Microsoft Corporation c:\windows\system32\winrnr.dll + Tcpip Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors + BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll + Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll + Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging Microsoft Corporation c:\windows\system32\mdimon.dll + Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll + PCL Language Monitor LanguageMonitor Hewlett-Packard Company c:\windows\system32\hpz3l3xu.dll + PJL Language Monitor PJL Language monitor Microsoft Corporation 
c:\windows\system32\pjlmon.dll + Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll + USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders + digest.dll Digest SSPI Authentication Package Microsoft Corporation c:\windows\system32\digest.dll + msapsspc.dll DPA Client for 32 bit platforms Microsoft Corporation c:\windows\system32\msapsspc.dll + msnsspc.dll MSN Internet Access Microsoft Corporation c:\windows\system32\msnsspc.dll + schannel.dll TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages + msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages + scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages + kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll + msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll + schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll + wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order + LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\windows\system32\ntlanman.dll + RDPNP Microsoft Terminal Services Microsoft Corporation c:\windows\system32\drprov.dll + WebClient Web Client Network Microsoft Corporation c:\windows\system32\davclnt.dll

#23 silver

    Malware Expert Emeritus

Posted 04 July 2008 - 01:29 AM

Hi pjbipirate,

Please try this and let me know how you get on:

Download Process Explorer from here:
http://download.sysi...essExplorer.zip

Unzip the files into a folder on your desktop, then reboot your machine.

When the error occurs on boot, do NOT press OK - leave it on the screen.
Open the Process Explorer folder and double-click procexp.exe to start the program.
After agreeing to the EULA, the main program window will appear - this contains a list of processes active on your system.
Find the button on the Process Explorer toolbar that looks like a target, click it and hold down the mouse button - the Process Explorer window will disappear.
Now move the mouse to the error dialog box so it is selected and release the mouse button.
The process on the list which is now highlighted is the process responsible for the error box - please write down the name of it and post the results in your next response.
ASAP & UNITE Member

#24 pjbipirate


Posted 05 July 2008 - 12:45 PM

I was a bit confused by your instructions. I am not sure if I did this correctly or not because when I would click down the mouse button or hold it, the Process Explorer window would not disappear. So what I did instead was that I clicked on the bull's-eye or target button in the Process Explorer window which said find window's process (drag over window) and I had the run time error box open close by. After I clicked that button and made sure that the run time error box was highlighted around the corners, a specific process was highlighted in the Process Explorer. Also, this process had the same icon as the run time box. Anyways, this is what was in that specific process from the Process Explorer: The name is IcStarter.exe and the company name is AF, while there is no description. Two collapsible tabs under the names of explorer.exe and hpqtra08.exe both have the negative sign next to them or are opened up in order to show this process. Also, if I point my mouse at the name of the process, it shows where in the computer that this process is located, which is: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup. This file/folder contained two items: the IcStarter.exe and an Adobe Gamma shortcut.

#25 silver


Posted 05 July 2008 - 07:12 PM

Hi pjbipirate,

I'm sorry if the instructions weren't straightforward enough - but it looks like you did it exactly right!
It looks like IcStarter.exe may be the cause of the problem, so let's find out.

We will move this file to another directory so it is not automatically started:
Press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c move "C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\IcStarter.exe" "C:\Documents and Settings\HP_Administrator\"

Then navigate to the folder in question and make sure IcStarter.exe is no longer present:
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup

If it's been successfully moved, then reboot and see if the problem has been resolved.
ASAP & UNITE Member
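The move-and-verify step from the post above, written as a PowerShell sketch for current Windows versions. This is an added example, not part of the original thread: the function names and the `StartupQuarantine` folder are hypothetical, and it reads the current user's Startup folder from the system rather than using the Windows XP path quoted in the post.

```powershell
# Added example: audit the per-user Startup folder, then quarantine one item.
# Function names and the quarantine folder are assumptions made for this sketch.

function Get-StartupItem {
    param([string]$Folder = [Environment]::GetFolderPath('Startup'))
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Folder -File | ForEach-Object {
        # A shortcut (.lnk) only points at the real program, so resolve its target.
        $target = if ($_.Extension -eq '.lnk') {
            $shell.CreateShortcut($_.FullName).TargetPath
        } else { $_.FullName }
        $exists = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $info = if ($exists) { (Get-Item -LiteralPath $target).VersionInfo } else { $null }
        [pscustomobject]@{
            Entry       = $_.Name
            Target      = $target
            Company     = $info.CompanyName       # the field Process Explorer showed
            Description = $info.FileDescription   # empty for the file in this thread
            Signature   = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $target).Status
            } else { 'TargetMissing' }
        }
    }
}

function Move-StartupItemToQuarantine {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Folder = [Environment]::GetFolderPath('Startup'),
        [string]$Quarantine = (Join-Path $env:USERPROFILE 'StartupQuarantine')
    )
    $source = Join-Path $Folder $Name
    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) { throw "Not found: $source" }
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    # Record the hash before moving so the file can be identified later.
    $hash = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
    Move-Item -LiteralPath $source -Destination $Quarantine -ErrorAction Stop
    # Same check the post asks for: the item must be gone from Startup.
    if (Test-Path -LiteralPath $source) { throw "Move failed: $Name is still in Startup" }
    [pscustomobject]@{ Name = $Name; SHA256 = $hash; MovedTo = (Join-Path $Quarantine $Name) }
}

Get-StartupItem | Format-Table -AutoSize
# Move-StartupItemToQuarantine -Name 'IcStarter.exe'   # then reboot and re-test
```

The file is moved rather than deleted, so it can be put back if the startup error turns out to have another cause.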



#26 pjbipirate


Posted 06 July 2008 - 12:02 PM

MISSION ACCOMPLISHED!!!!!!!!!!!!! Thanks for all the help. When I reboot the computer, that error message never pops up again. Before we close this thread, you were saying that you would tell me more about how to protect my computer from further threats etc. Can you tell me what I need to do? Also, do I need to download any firewall or anything? So in short, what do I need to do to protect my computer? Thanks

#27 silver


Posted 06 July 2008 - 07:05 PM

You're most welcome pjbipirate, here are some important final steps:

Please now delete cureit.exe from your Desktop, also delete this folder:

C:\SmitRem


Download OTCleanIt to your Desktop
Double-click it to run the program, and press the CleanUp! button.
When prompted, allow your computer to be rebooted.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Re-enable Spybot's TeaTimer
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Check the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.

------------------------------------------------------------------------

If the above went well, I think your machine is clean of malware :) here are some tips to help you keep it that way:

You have a good antivirus program installed, however I recommend you install antispyware software with real-time capabilities - this means it protects you from system changes and spyware while you are working, not just removing malware after it has been installed. There is a range of paid-for and free packages available; a free one I can recommend is Windows Defender, available here:
http://www.microsoft...re/default.mspx

You should consider installing a Personal Firewall program. Even if you are behind a NAT router, I recommend you use firewall software as it will improve the security of your computer by monitoring and controlling outbound connections to the internet as well as inbound. There are various free packages available; one I can recommend is Online Armor.
A tutorial on firewalls to help you get started:
http://www.bleepingc...tutorial60.html

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://users.telenet...prevention.html

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member

#28 pjbipirate


Posted 07 July 2008 - 11:53 PM

Hello, I just started a new internship, so please bear with me as it might be a couple of days before I post a reply to all those instructions. Once again, thanks for all the help and please bear with me just for a bit longer. Thanks

#29 silver


Posted 07 July 2008 - 11:58 PM

No problem, thanks for letting me know :)
ASAP & UNITE Member

#30 pjbipirate


Posted 12 July 2008 - 12:21 AM

Hello, I know I am pathetic in speed, but sorry I have been too busy. I just got about halfway done, I know it's pathetic. lol. Anyways, I should be done soon. Thanks for holding up.
