Report of CESAM: Anti-Malware v1.0.0.6866
http://www.cesam-antimalware.com/
Saved at 11:37:23 on 07.07.2008
OS: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Apple Inc. Safari Web Browser 3.0.3 (522.15.5)

Scanner Settings
[x] Rootkits detection (twice-scan)
[x] Retrieve files information
[x] Check Microsoft signatures
[x] Disable records using driver

Filters
[x] Trusted records
[x] Empty records
[x] Hidden registry records (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[x] Non-startable services
[x] Non-startable drivers
[x] Active records
[x] Disabled records

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\System32\autochk.exe (File signed by Microsoft)

[Common]
-----( %SystemRoot% )-----
-----( HKCU\SOFTWARE\Classes\exefile\shell\open\command )-----
-----( HKCU\SOFTWARE\Microsoft\Command Processor )-----
-----( HKCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps )-----
-----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )-----
"{Default}" - ?
- "%1" %* (System default value) -----( HKLM\SOFTWARE\Microsoft\Command Processor )----- -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options )----- -----( HKLM\SOFTWARE\Microsoft\Windows Script Host\Locations )----- -----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )----- "CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe (File signed by Microsoft) "WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe (File signed by Microsoft) -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )----- [Control Panel Objects] -----( %SystemRoot%\system32 )----- "access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl (File signed by Microsoft) "appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl (File signed by Microsoft) "desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl (File signed by Microsoft) "hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl (File signed by Microsoft) "inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl (File signed by Microsoft) "intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl (File signed by Microsoft) "joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl (File signed by Microsoft) "main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl (File signed by Microsoft) "mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl (File signed by Microsoft) "ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl (File signed by Microsoft) "nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl (File signed by Microsoft) "odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl (File signed by Microsoft) "powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl (File signed by Microsoft) "sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl 
(File signed by Microsoft) "telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl (File signed by Microsoft) "timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Computer, Inc." - J:\Program Files\QuickTime\QTSystem\QuickTime.cpl "VMCPL" - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\VMControlPanel.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACPIEC" (ACPIEC) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ACPIEC.sys (File signed by Microsoft) "AFD Networking Support Environment" (AFD) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\afd.sys (File signed by Microsoft) "AMD K7 Processor Driver" (AmdK7) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\amdk7.sys (File signed by Microsoft) "AMD PCNET Compatable Adapter Driver" (PCnet) - "AMD Inc." - C:\WINDOWS\System32\DRIVERS\pcntpci5.sys (File signed by Microsoft) "ATM ARP Client Protocol" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys (File signed by Microsoft) "Abiosdsk" (Abiosdsk) - ? - C:\WINDOWS\system32\drivers\Abiosdsk.sys (File not found) "Aha154x" (Aha154x) - ? - C:\WINDOWS\system32\drivers\Aha154x.sys (File not found) "AliIde" (AliIde) - ? - C:\WINDOWS\system32\drivers\AliIde.sys (File not found) "Atdisk" (Atdisk) - ? - C:\WINDOWS\system32\drivers\Atdisk.sys (File not found) "Audio Stub Driver" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys (File signed by Microsoft) "BCFTDI" (bcftdi) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bcftdi.sys "BC_Engine" (bc_ngn) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bc_ngn.sys "BC_Filter" (bc_filter) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bc_filter.sys "BC_IP_Filter" (bc_ip_f) - "Jetico, Inc." 
- C:\WINDOWS\system32\drivers\bc_ip_f.sys "BC_PAT_Filter" (bc_pat_f) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bc_pat_f.sys "BC_Protocol_Filter" (bc_prt_f) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bc_prt_f.sys "BC_TDI_Filter" (bc_tdi_f) - "Jetico, Inc." - C:\WINDOWS\system32\drivers\bc_tdi_f.sys "Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys (File signed by Microsoft) "CD-Burning Filter Driver" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys (File signed by Microsoft) "CD-ROM Driver" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys (File signed by Microsoft) "Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys (File signed by Microsoft) "Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys (File signed by Microsoft) "CmdIde" (CmdIde) - ? - C:\WINDOWS\system32\drivers\CmdIde.sys (File not found) "Cpqarray" (Cpqarray) - ? - C:\WINDOWS\system32\drivers\Cpqarray.sys (File not found) "Digital CD Audio Playback Filter Driver" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys (File signed by Microsoft) "Direct Parallel" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys (File signed by Microsoft) "Direct Parallel Link Driver" (Ptilink) - "Parallel Technologies, Inc." 
- C:\WINDOWS\System32\DRIVERS\ptilink.sys (File signed by Microsoft) "Disk Driver" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys (File signed by Microsoft) "Fastfat" (Fastfat) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fastfat.sys (File signed by Microsoft) "Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys (File signed by Microsoft) "Floppy Disk Controller Driver" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fdc.sys (File signed by Microsoft) "Floppy Disk Driver" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\flpydisk.sys (File signed by Microsoft) "Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys (File signed by Microsoft) "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "Generic Packet Classifier" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys (File signed by Microsoft) "IP Network Address Translator" (IpNat) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipnat.sys (File signed by Microsoft) "IP Traffic Filter Driver" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (File signed by Microsoft) "IP in IP Tunnel Driver" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys (File signed by Microsoft) "IPSEC driver" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys (File signed by Microsoft) "IPX Traffic Filter Driver" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (File signed by Microsoft) "IPX Traffic Forwarder Driver" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (File signed by Microsoft) "IR Enumerator Service" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys (File signed by Microsoft) "Intel AGP Bus Filter" (agp440) - "Microsoft Corporation" - 
C:\WINDOWS\System32\DRIVERS\agp440.sys (File signed by Microsoft) "IntelIde" (IntelIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\intelide.sys (File signed by Microsoft) "KSecDD" (KSecDD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\KSecDD.sys (File signed by Microsoft) "Keyboard Class Driver" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys (File signed by Microsoft) "MRXSMB" (MRxSmb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (File signed by Microsoft) "Microcode Update Driver" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys (File signed by Microsoft) "Microsoft AC Adapter Driver" (CmBatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CmBatt.sys (File signed by Microsoft) "Microsoft ACPI Driver" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys (File signed by Microsoft) "Microsoft Composite Battery Driver" (Compbatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\compbatt.sys (File signed by Microsoft) "Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys (File signed by Microsoft) "MountMgr" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys (File signed by Microsoft) "Mouse Class Driver" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys (File signed by Microsoft) "Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys (File signed by Microsoft) "Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys (File signed by Microsoft) "NDIS System Driver" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys (File signed by Microsoft) "NDIS Usermode I/O Protocol" (Ndisuio) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndisuio.sys (File signed by Microsoft) "NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys (File signed by 
Microsoft) "NetBIOS Interface" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys (File signed by Microsoft) "NetBios over Tcpip" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys (File signed by Microsoft) "Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys (File signed by Microsoft) "Ntfs" (Ntfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Ntfs.sys (File signed by Microsoft) "Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys (File signed by Microsoft) "OSPD Kernel (c) Online Solutions" (ASKernel) - "Online Solutions" - C:\WINDOWS\system32\drivers\ASKernel.sys "PCI Bus Driver" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys (File signed by Microsoft) "PCIIde" (PCIIde) - ? - C:\WINDOWS\system32\drivers\PCIIde.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "ParVdm" (ParVdm) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ParVdm.sys (File signed by Microsoft) "Parallel port driver" (Parport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\parport.sys (File signed by Microsoft) "PartMgr" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys (File signed by Microsoft) "Pcmcia" (Pcmcia) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Pcmcia.sys (File signed by Microsoft) "PnP ISA/EISA Bus Driver" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys (File signed by Microsoft) "Processor Driver" (Processor) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\processr.sys (File signed by Microsoft) "Ql10wnt" (Ql10wnt) - ? 
- C:\WINDOWS\system32\drivers\Ql10wnt.sys (File not found) "Ql10wntcn" (Ql10wntcn) - ? - C:\WINDOWS\system32\drivers\Ql10wntcn.sys (Hidden registry record, rootkit activity | File not found) "QoS Packet Scheduler" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys (File signed by Microsoft) "RAS Asynchronous Media Driver" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys (File signed by Microsoft) "RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (File signed by Microsoft) "RDPWD" (RDPWD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\RDPWD.sys (File signed by Microsoft) "Rdbss" (Rdbss) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdbss.sys (File signed by Microsoft) "Remote Access Auto Connection Driver" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys (File signed by Microsoft) "Remote Access IP ARP Driver" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys (File signed by Microsoft) "Remote Access NDIS TAPI Driver" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys (File signed by Microsoft) "Remote Access NDIS WAN Driver" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys (File signed by Microsoft) "Remote Access PPPOE Driver" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys (File signed by Microsoft) "Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File found, but can't get any details | File signed by Microsoft) "Serenum Filter Driver" (serenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serenum.sys (File signed by Microsoft) "Serial port driver" (Serial) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serial.sys (File signed by Microsoft) "Sfloppy" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Sfloppy.sys (File signed by Microsoft) "Simbad" (Simbad) - ? 
- C:\WINDOWS\system32\drivers\Simbad.sys (File not found) "Software Bus Driver" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys (File signed by Microsoft) "Sparrow" (Sparrow) - ? - C:\WINDOWS\system32\drivers\Sparrow.sys (File not found) "Srv" (Srv) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\srv.sys (File signed by Microsoft) "Standard IDE/ESDI Hard Disk Controller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys (File signed by Microsoft) "System Restore Filter Driver" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys (File signed by Microsoft) "TCP/IP Protocol Driver" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys (File signed by Microsoft) "TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys (File signed by Microsoft) "TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys (File signed by Microsoft) "Terminal Device Driver" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys (File signed by Microsoft) "TosIde" (TosIde) - ? - C:\WINDOWS\system32\drivers\TosIde.sys (File not found) "Udfs" (Udfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Udfs.sys (File signed by Microsoft) "UnlockerDriver5" (UnlockerDriver5) - ? - j:\Program Files\Unlocker\UnlockerDriver5.sys (File found, but can't get any details) "VMware Ethernet Adapter Driver" (vmxnet) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmxnet.sys (File signed by Microsoft) "VMware Pointing Device" (vmmouse) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmmouse.sys (File signed by Microsoft) "VMware server memory controller" (VMMEMCTL) - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys "VgaSave" (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys (File signed by Microsoft) "ViaIde" (ViaIde) - ? 
- C:\WINDOWS\system32\drivers\ViaIde.sys (File not found) "VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys (File signed by Microsoft) "Volume Manager Driver" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys (File signed by Microsoft) "WAN Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (File signed by Microsoft) "WAN Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys (File signed by Microsoft) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WebDav Client Redirector" (MRxDAV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxdav.sys (File signed by Microsoft) "Windows Socket 2.0 Non-IFS Service Provider Support Environment" (WS2IFSL) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ws2ifsl.sys (File signed by Microsoft) "abp480n5" (abp480n5) - ? - C:\WINDOWS\system32\drivers\abp480n5.sys (File not found) "adpu160m" (adpu160m) - ? - C:\WINDOWS\system32\drivers\adpu160m.sys (File not found) "aic78u2" (aic78u2) - ? - C:\WINDOWS\system32\drivers\aic78u2.sys (File not found) "aic78xx" (aic78xx) - ? - C:\WINDOWS\system32\drivers\aic78xx.sys (File not found) "amsint" (amsint) - ? - C:\WINDOWS\system32\drivers\amsint.sys (File not found) "apf1n66v" (apf1n66v) - ? - C:\WINDOWS\system32\drivers\apf1n66v.sys (Hidden registry record, rootkit activity | File not found) "asc" (asc) - ? - C:\WINDOWS\system32\drivers\asc.sys (File not found) "asc3350p" (asc3350p) - ? - C:\WINDOWS\system32\drivers\asc3350p.sys (File not found) "asc3550" (asc3550) - ? - C:\WINDOWS\system32\drivers\asc3550.sys (File not found) "cbidf2k" (cbidf2k) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\cbidf2k.sys (File signed by Microsoft) "cd20xrnt" (cd20xrnt) - ? 
- C:\WINDOWS\system32\drivers\cd20xrnt.sys (File not found) "d344bus" (d344bus) - " " - C:\WINDOWS\System32\DRIVERS\d344bus.sys "d344prt" (d344prt) - " " - C:\WINDOWS\System32\Drivers\d344prt.sys "dac2w2k" (dac2w2k) - ? - C:\WINDOWS\system32\drivers\dac2w2k.sys (File not found) "dac960nt" (dac960nt) - ? - C:\WINDOWS\system32\drivers\dac960nt.sys (File not found) "dmboot" (dmboot) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmboot.sys (File signed by Microsoft) "dmio" (dmio) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmio.sys (File signed by Microsoft) "dmload" (dmload) - "Microsoft Corp., Veritas Software." - C:\WINDOWS\System32\drivers\dmload.sys (File signed by Microsoft) "dpti2o" (dpti2o) - ? - C:\WINDOWS\system32\drivers\dpti2o.sys (File not found) "fsflt" (fsflt) - ? - C:\WINDOWS\System32\drivers\fsflt.sys (File not found) "hgfs" (hgfs) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\hgfs.sys "hpn" (hpn) - ? - C:\WINDOWS\system32\drivers\hpn.sys (File not found) "i2omp" (i2omp) - ? - C:\WINDOWS\system32\drivers\i2omp.sys (File not found) "i8042 Keyboard and PS/2 Mouse Port Driver" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys (File signed by Microsoft) "ini910u" (ini910u) - ? - C:\WINDOWS\system32\drivers\ini910u.sys (File not found) "mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys (File signed by Microsoft) "mraid35x" (mraid35x) - ? - C:\WINDOWS\system32\drivers\mraid35x.sys (File not found) "perc2" (perc2) - ? - C:\WINDOWS\system32\drivers\perc2.sys (File not found) "perc2hib" (perc2hib) - ? - C:\WINDOWS\system32\drivers\perc2hib.sys (File not found) "ql1080" (ql1080) - ? - C:\WINDOWS\system32\drivers\ql1080.sys (File not found) "ql12160" (ql12160) - ? - C:\WINDOWS\system32\drivers\ql12160.sys (File not found) "ql1240" (ql1240) - ? - C:\WINDOWS\system32\drivers\ql1240.sys (File not found) "ql1280" (ql1280) - ? 
- C:\WINDOWS\system32\drivers\ql1280.sys (File not found) "runXP" (runXP) - ? - C:\WINDOWS\system32\drivers\runXP.sys (Hidden registry record, rootkit activity | File not found) "sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "sym_hi" (sym_hi) - ? - C:\WINDOWS\system32\drivers\sym_hi.sys (File not found) "sym_u3" (sym_u3) - ? - C:\WINDOWS\system32\drivers\sym_u3.sys (File not found) "symavc32" (symavc32) - ? - C:\WINDOWS\system32\drivers\symavc32.sys (Hidden registry record, rootkit activity | File not found) "symc810" (symc810) - ? - C:\WINDOWS\system32\drivers\symc810.sys (File not found) "symc8xx" (symc8xx) - ? - C:\WINDOWS\system32\drivers\symc8xx.sys (File not found) "ultra" (ultra) - ? - C:\WINDOWS\system32\drivers\ultra.sys (File not found) "vmscsi" (vmscsi) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmscsi.sys (File signed by Microsoft) "vmx_svga" (vmx_svga) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmx_svga.sys (File signed by Microsoft) (Disabled) "HackerDefenderDrv100" (HackerDefenderDrv100) - ? - C:\hxdefdrv.sys (Hidden registry record, rootkit activity | File found, but can't get any details) [Explorer] -----( HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components )----- -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) My Current Home Page" - ? 
- About:Home (System default value) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- -----( HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- Installed Components "Address Book 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install (File signed by Microsoft) Installed Components "Browser Customizations" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File signed by Microsoft) Installed Components "Internet Explorer" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE (File signed by Microsoft) Installed Components "Internet Explorer 6" - "Microsoft Corporation" - %SystemRoot%\system32\ie4uinit.exe (File signed by Microsoft) Installed Components "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install (File signed by Microsoft) Installed Components "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP (File signed by Microsoft) Installed Components "Microsoft Windows Media Player 6.4" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT (File signed by Microsoft) Installed Components "Microsoft Windows Media Player 8" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub (File signed by Microsoft) Installed Components "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT (File signed by Microsoft) Installed Components "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE (File signed by Microsoft) Installed Components "StubPath" - "Microsoft 
Corporation" - "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser (File signed by Microsoft) Installed Components "StubPath" - "Microsoft Corporation" - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install Installed Components "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll (File signed by Microsoft) Installed Components "Windows Desktop Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll (File signed by Microsoft) Installed Components "Windows Messenger" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser (File signed by Microsoft) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) -----( HKLM\Software\Classes\Protocols\Filter )----- {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" - "Microsoft Corporation" - 
C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} "AsyncPProt Class" - "Microsoft Corporation" - C:\WINDOWS\System32\msdxm.ocx (File signed by Microsoft) {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\msvidctl.dll (File signed by Microsoft) {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML 
Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\inetcomm.dll (File signed by Microsoft) {03B7A5D4-96B0-4316-95F8-072D326A58F1} "MLFPHandler Class" - ? - ielpview.dll (File not found) {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\System32\itss.dll (File signed by Microsoft) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\System32\itss.dll (File signed by Microsoft) {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\msvidctl.dll (File signed by Microsoft) {E4CB5121-E242-11D4-8ED6-00010219EB22} "VFSP Class" - ? 
- VFSProtocol.dll (File not found) {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\System32\wiascr.dll (File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )----- {438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {A5949E07-8536-4625-A3D0-2DD83F559990} "ShHook Class" - "Mercury Interactive Corp." 
- C:\WINDOWS\System32\ShellHook.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\shell32.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Address" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\occache.dll (File signed by Microsoft) {E0E11A09-5CB8-4B6C-8332-E00720A168F2} "Address Bar Parser" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {D20EA4E1-3957-11d2-A40B-0C5020524153} "Administrative Tools" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\wuaueng.dll (File signed by Microsoft) {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - 
C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {85BBD920-42A0-1069-A2E4-08002B30309D} "Briefcase" - "Microsoft Corporation" - C:\WINDOWS\System32\syncui.dll (File signed by Microsoft) {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Cabinet File" - "Microsoft Corporation" - C:\WINDOWS\System32\cabview.dll (File signed by Microsoft) {f39a0dc0-9cc8-11d0-a599-00c04fd64433} "Channel" - "Microsoft Corporation" - C:\WINDOWS\System32\cdfview.dll (File signed by Microsoft) {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} "Channel Handler Object" - "Microsoft Corporation" - C:\WINDOWS\System32\cdfview.dll (File signed by Microsoft) {f3da0dc0-9cc8-11d0-a599-00c04fd64437} "Channel Menu Handler Object" - "Microsoft Corporation" - C:\WINDOWS\System32\cdfview.dll (File signed by Microsoft) {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} "Channel Shortcut" - "Microsoft Corporation" - C:\WINDOWS\System32\cdfview.dll (File signed by Microsoft) {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} "Channel Shortcut Property Pages" - "Microsoft Corporation" - C:\WINDOWS\System32\cdfview.dll (File signed by Microsoft) {7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Compatibility Page" - "Microsoft Corporation" - C:\WINDOWS\System32\SlayerXP.dll (File signed by Microsoft) {BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll (File signed by Microsoft) {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll (File signed by Microsoft) {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll 
(File signed by Microsoft) {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (File signed by Microsoft) {7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (File signed by Microsoft) {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\System32\dfsshlex.dll (File signed by Microsoft) {11359F4A-B191-42D7-905A-594F8CF0387B} "Dictionary.com" - "www.typeless.com" - C:\WINDOWS\Downloaded Program Files\lexbar.dll {62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\System32\dsuiext.dll (File signed by Microsoft) {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\System32\dsuiext.dll (File signed by Microsoft) {8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {59099400-57FF-11CE-BD94-0020AF85B590} "Disk Copy Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\diskcopy.dll (File signed by Microsoft) {42071712-76d4-11d1-8b24-00a0c9068ff3} "Display 
Adapter CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\deskadp.dll (File signed by Microsoft) {42071713-76d4-11d1-8b24-00a0c9068ff3} "Display Monitor CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\deskmon.dll (File signed by Microsoft) {f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\deskperf.dll (File signed by Microsoft) {22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {60fd46de-f830-4894-a628-6fa81bc0190d} "DropTarget Object for Photo Printing Wizard" - "Microsoft Corporation" - C:\WINDOWS\System32\photowiz.dll (File signed by Microsoft) {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} "EmEditor" - ? - C:\Program Files\EmEditor\emedshl.dll (File found, but can't get any details) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? - (COM-object registry key not found) {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll (File signed by Microsoft) {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {BD84B380-8CA2-1069-AB1D-08000948F534} "Fonts" - "Microsoft Corporation" - C:\WINDOWS\System32\fontext.dll (File signed by Microsoft) {D20EA4E1-3957-11d2-A40B-0C5020524152} "Fonts" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {32714800-2E5F-11d0-8B85-00AA0044F941} "For &People..." 
- "Microsoft Corporation" - C:\Program Files\Outlook Express\wabfind.dll (File signed by Microsoft) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ file thumbnail extractor" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {58f1f272-9240-4f51-b6d4-fd63d1618591} "Get a Passport Wizard" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Help and Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." 
- C:\WINDOWS\System32\hticons.dll (File signed by Microsoft) {DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC Profile" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll (File signed by Microsoft) {5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM Monitor Management" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll (File signed by Microsoft) {675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM Printer Management" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll (File signed by Microsoft) {176d6597-26d3-11d1-b350-080036a75b03} "ICM Scanner Management" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll (File signed by Microsoft) {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite Splash Screen" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {143A62C8-C33B-11D1-84FE-00C04FA34A14} 
"Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll (File signed by Microsoft) {00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\System32\dskquoui.dll (File signed by Microsoft) {6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\msieftp.dll (File signed by Microsoft) {00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete 
List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Program Files\Common Files\System\Ole DB\oledb32.dll (File signed by Microsoft) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {00022613-0000-0000-C000-000000000046} "Multimedia File Property Sheet" - "Microsoft Corporation" - C:\WINDOWS\System32\mmsys.cpl (File signed by Microsoft) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Multimedia File Property Sheet" - ? 
- (COM-object registry key not found) {ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {7007ACC7-3202-11D1-AAD2-00805FC1270E} "Network Connections" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (File signed by Microsoft) {992CFFA0-F557-101A-88EC-00DD010CCC48} "Network Connections" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (File signed by Microsoft) {3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE Docfile Property Page" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop.dll (File signed by Microsoft) {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Offline Files Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\themeui.dll (File signed by Microsoft) {D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {add36aa8-751a-4579-a266-d66f5202ccbb} "Print Ordering via the Web" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) 
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - J:\Program Files\Real\RealPlayer\rpshell.dll {AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\remotepg.dll (File signed by Microsoft) {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Run..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanners & Cameras" - "Microsoft Corporation" - C:\WINDOWS\System32\wiashext.dll (File signed by Microsoft) {83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanners & Cameras" - "Microsoft Corporation" - C:\WINDOWS\System32\wiashext.dll (File signed by Microsoft) {905667aa-acd6-11d2-8080-00805f6596d2} "Scanners & Cameras" - "Microsoft Corporation" - C:\WINDOWS\System32\wiashext.dll (File signed by Microsoft) {E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanners & Cameras" - "Microsoft Corporation" - C:\WINDOWS\System32\wiashext.dll (File signed by Microsoft) {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanners & Cameras" - "Microsoft Corporation" - C:\WINDOWS\System32\wiashext.dll (File signed by Microsoft) {D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Scheduled Tasks" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Search" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - 
"Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {30D02401-6A81-11d0-8274-00C04FD5AE38} "Search Band" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {1F2E5C40-9550-11CE-99D2-00AA006E086C} "Security Shell Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\rshx32.dll (File signed by Microsoft) {4E40F770-369C-11d0-8922-00A024AB2DBB} "Security Shell Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\dssec.dll (File signed by Microsoft) {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Security Shell Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\rshx32.dll (File signed by Microsoft) {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\System32\sendmail.dll (File signed by Microsoft) {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\System32\sendmail.dll (File signed by Microsoft) {352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - 
C:\WINDOWS\System32\wshext.dll (File signed by Microsoft) {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shell Publishing Wizard Object" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {56117100-C0CD-101B-81E2-00AA004AE837} "Shell Scrap DataHandler" - "Microsoft Corporation" - C:\WINDOWS\System32\shscrap.dll (File signed by Microsoft) {59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shell extensions for Microsoft Windows Network objects" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanui2.dll (File signed by Microsoft) {40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shell extensions for sharing" - "Microsoft Corporation" - C:\WINDOWS\System32\ntshrui.dll (File signed by Microsoft) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shell extensions for sharing" - "Microsoft Corporation" - C:\WINDOWS\System32\ntshrui.dll (File signed by Microsoft) {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll {CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - J:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll {F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - 
C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Summary Info Thumbnail handler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskbar and Start Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\shell32.dll (File signed by Microsoft) {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? 
- j:\Program Files\Unlocker\UnlockerCOM.dll (File found, but can't get any details) {7A9D77BD-5403-11d2-8785-2E0420524153} "User Accounts" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\System32\wmpshell.dll (File signed by Microsoft) {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\System32\wmpshell.dll (File signed by Microsoft) {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\System32\wmpshell.dll (File signed by Microsoft) {E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {77597368-7b15-11d0-a0c2-080036af3f03} "Web Printer Shell Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\printui.dll (File signed by Microsoft) {CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Web Publishing Wizard" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll 
(File signed by Microsoft) {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but can't get any details) {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows Security" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Computer, Inc." - J:\Program Files\iTunes\iTunesMiniPlayer.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\System32\stobject.dll (File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tip of the Day" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {EFA24E61-B078-11D0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - 
"Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {32683183-48A0-441B-A342-7C2A440A9478} "Media Band" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {30D02401-6A81-11D0-8274-00C04FD5AE38} "Search Band" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- "&Address" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) "&Google" - "Google Inc." - c:\program files\google\googletoolbar1.dll "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) "ITBar7Layout" - ? - (COM-object registry key not found) "ITBarLayout" - ? - (COM-object registry key not found) "My Web Search" - "MyWebSearch.com" - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL "QuickSearch SearchBar" - ? - C:\Program Files\QuickSearch\QuickSearchBar3_30.dll "{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" - ? 
- (COM-object registry key not found) "Спутник@Mail.Ru" - "@Mail.Ru" - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {00A6FAF6-072E-44cf-8957-5838F569A31D} "{00A6FAF6-072E-44cf-8957-5838F569A31D}" - "MyWebSearch.com" - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL {09900DE8-1DCA-443F-9243-26FF581438AF} "Спутник@Mail.Ru" - "@Mail.Ru" - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0470E62C-C97E-4317-81E5-0774D8CBF7B7} "EndPointScan Class" - "GFI Software Ltd." - C:\WINDOWS\Downloaded Program Files\EPS.dll / http://www.endpointscan.com/EndPointScan.cab {90C9629E-CD32-11D3-BBFB-00105A1F0D68} "InstallShield International Setup Player" - "InstallShield Software Corporation" - c:\windows\DOWNLO~1\isetup.dll / http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}" - ? - (COM-object registry key not found) / http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.15-3.cab (Disabled) {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? 
- (COM-object registry key not found) / http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Mail.Ru Агент" - "Mail.Ru" - C:\Program Files\Mail.Ru\Agent\magent.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
"&Google" - "Google Inc." - c:\program files\google\googletoolbar1.dll
{07B18EA9-A523-4961-B6BB-170DE4475CCA} "My Web Search" - "MyWebSearch.com" - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
"QuickSearch SearchBar" - ? - C:\Program Files\QuickSearch\QuickSearchBar3_30.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
{09900DE8-1DCA-443F-9243-26FF581438AF} "Спутник@Mail.Ru" - "@Mail.Ru" - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{474264BC-9571-47C1-85B9-780F756DC9CE} "BHOManager Class" - "Mercury Interactive Corp." - C:\WINDOWS\System32\BHOManager.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\program files\google\googletoolbar1.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "HelperObject Class" - "TechSmith Corporation" - J:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{8984B388-A5BB-4DF7-B274-77B879E179DB} "MailRuBHO Class" - "@Mail.Ru" - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
{00A6FAF1-072E-44cf-8957-5838F569A31D} "MyWebSearch Search Assistant BHO" - "MyWebSearch.com" - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
{82315A18-6CFB-44a7-BDFD-90E36537C252} "QuickSearch SearchBar" - ? - C:\Program Files\QuickSearch\QuickSearchBar3_30.dll
{07B18EA1-A523-4961-B6BB-170DE4475CCA} "mwsBar BHO" - "MyWebSearch.com" - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll (File signed by Microsoft)
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll (File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll (File signed by Microsoft)
"imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll (File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll (File signed by Microsoft)
"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll (File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll (File signed by Microsoft)
"olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll (File signed by Microsoft)
"olecnv32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll (File signed by Microsoft)
"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll (File signed by Microsoft)
"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll (File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll (File signed by Microsoft)
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (File signed by Microsoft)
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll (File signed by Microsoft)
"urlmon" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll (File signed by Microsoft)
"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll (File signed by Microsoft)
"wininet" - "Microsoft Corporation" - C:\WINDOWS\system32\wininet.dll (File signed by Microsoft)
"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll (File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\System32\msv1_0.dll (File signed by Microsoft)
"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\System32\scecli.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\System32\kerberos.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\System32\msv1_0.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\System32\schannel.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\System32\wdigest.dll (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\System32\msapsspc.dll (File signed by Microsoft)
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\System32\schannel.dll (File signed by Microsoft)
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\System32\digest.dll (File signed by Microsoft)
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\System32\msnsspc.dll (File signed by Microsoft)

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (Shortcut exists | File exists)
"HyperSnap-DX 5" - "Hyperionics Technology LLC" - J:\HyperSnap-DX\HyperSnap-DX\HyperSnap-DX\HprSnap5.exe (Shortcut exists | File exists)
"SnagIt 8.lnk" - "TechSmith Corporation" - J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (Shortcut exists | File exists)
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\test\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MSMSGS" - "Microsoft Corporation" - "C:\Program Files\Messenger\msmsgs.exe" /background (File signed by Microsoft)
"MyWebSearch Email Plugin" - "MyWebSearch.com" - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"MyWebSearch Plugin" - "MyWebSearch.com" - rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\System32\ctfmon.exe (File signed by Microsoft)
"swg" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe (File signed by Microsoft)
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\SYSTEM32\Userinit.exe (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\System32\rdpclip.exe (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Status" - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\VMwareTray.exe
"DAEMON Tools-1033" - "DAEMON'S HOME" - "C:\Program Files\D-Tools\daemon.exe" -lang 1033
"JeticoPFStartup" - "Jetico, Inc." - "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
"KernelFaultCheck" - "Microsoft Corporation" - %systemroot%\system32\dumprep 0 -k (File signed by Microsoft)
"MAgent" - "Mail.Ru" - C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
"My Web Search Bar" - "MyWebSearch.com" - rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"QuickTime Task" - "Apple Computer, Inc." - "J:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UnlockerAssistant" - ? - "J:\Program Files\Unlocker\UnlockerAssistant.exe" (File found, but can't get any details)
"VMware Tools" - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\VMwareTray.exe
"VMware User Process" - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\VMwareUser.exe
"iTunesHelper" - "Apple Computer, Inc." - "J:\Program Files\iTunes\iTunesHelper.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce )-----

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Terminal Services" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll (File signed by Microsoft)
"Microsoft Windows Network" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll (File signed by Microsoft)
"VMware Shared Folders" - "VMware, Inc." - C:\WINDOWS\System32\hgfs.dll
"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll (File signed by Microsoft)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
"Application Layer Gateway Service" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe (File signed by Microsoft)
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\System32\wuauserv.dll (File signed by Microsoft)
"Background Intelligent Transfer Service" (BITS) - "Microsoft Corporation" - C:\WINDOWS\System32\qmgr.dll (File signed by Microsoft)
"Bonjour Service" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"COM+ Event System" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\System32\es.dll (File signed by Microsoft)
"COM+ System Application" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\System32\dllhost.exe (File signed by Microsoft)
"ClipBook" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe (File signed by Microsoft)
"Computer Browser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll (File signed by Microsoft)
"Cryptographic Services" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll (File signed by Microsoft)
"DHCP Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll (File signed by Microsoft)
"DNS Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll (File signed by Microsoft)
"Distributed Link Tracking Client" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll (File signed by Microsoft)
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\System32\msdtc.exe (File signed by Microsoft)
"Error Reporting Service" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll (File signed by Microsoft)
"Event Log" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe (File signed by Microsoft)
"Fast User Switching Compatibility" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft)
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"HXD Service 100" (HackerDefender100) - ? - C:\hxdef100.exe (Hidden registry record, rootkit activity | File found, but can't get any details)
"Help and Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (File signed by Microsoft)
"IMAPI CD-Burning COM Service" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\System32\imapi.exe (File signed by Microsoft)
"IPSEC Services" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft)
"Indexing Service" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe (File signed by Microsoft)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll (File signed by Microsoft)
"Logical Disk Manager" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll (File signed by Microsoft)
"Logical Disk Manager Administrative Service" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe (File signed by Microsoft)
"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\System32\dllhost.exe (File signed by Microsoft)
"Messenger" (Messenger) - "Microsoft Corporation" - C:\WINDOWS\System32\msgsvc.dll (File signed by Microsoft)
"My Web Search Service" (MyWebSearchService) - "MyWebSearch.com" - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
"NT LM Security Support Provider" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft)
"Net Logon" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft)
"NetMeeting Remote Desktop Sharing" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\System32\mnmsrvc.exe (File signed by Microsoft)
"Network Connections" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll (File signed by Microsoft)
"Network DDE" (NetDDE) - "Microsoft Corporation" - C:\WINDOWS\system32\netdde.exe (File signed by Microsoft)
"Network DDE DSDM" (NetDDEdsdm) - "Microsoft Corporation" - C:\WINDOWS\system32\netdde.exe (File signed by Microsoft)
"Network Location Awareness (NLA)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft)
"OSPD Service" (ASService) - "Online Solutions" - C:\OSPD\ASService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Performance Logs and Alerts" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe (File signed by Microsoft)
"Plug and Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe (File signed by Microsoft)
"Portable Media Serial Number" (WmdmPmSp) - "Microsoft Corporation" - C:\WINDOWS\System32\mspmspsv.dll (File signed by Microsoft)
"Print Spooler" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe (File signed by Microsoft)
"Protected Storage" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe (File signed by Microsoft)
"QoS RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\System32\rsvp.exe (File signed by Microsoft)
"Remote Access Auto Connection Manager" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll (File signed by Microsoft)
"Remote Access Connection Manager" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll (File signed by Microsoft)
"Remote Desktop Help Session Manager" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe (File signed by Microsoft)
"Remote Procedure Call (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll (File signed by Microsoft)
"Remote Procedure Call (RPC) Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\System32\locator.exe (File signed by Microsoft)
"Removable Storage" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll (File signed by Microsoft)
"Routing and Remote Access" (RemoteAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\mprdim.dll (File signed by Microsoft)
"SSDP Discovery Service" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll (File signed by Microsoft)
"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll (File signed by Microsoft)
"Security Accounts Manager" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe (File signed by Microsoft)
"Server" (lanmanserver) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll (File signed by Microsoft)
"Shell Hardware Detection" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft)
"Smart Card" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe (File signed by Microsoft)
"Smart Card Helper" (SCardDrv) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe (File signed by Microsoft)
"System Event Notification" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll (File signed by Microsoft)
"System Restore Service" (srservice) - "Microsoft Corporation" - C:\WINDOWS\System32\srsvc.dll (File signed by Microsoft)
"TCP/IP NetBIOS Helper" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll (File signed by Microsoft)
"TP AutoConnect Service" (TPAutoConnSvc) - "ThinPrint GmbH" - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
"Task Scheduler" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll (File signed by Microsoft)
"Telephony" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll (File signed by Microsoft)
"Terminal Services" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll (File signed by Microsoft)
"Themes" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft)
"Uninterruptible Power Supply" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe (File signed by Microsoft)
"Universal Plug and Play Device Host" (upnphost) - "Microsoft Corporation" - C:\WINDOWS\System32\upnphost.dll (File signed by Microsoft)
"Upload Manager" (uploadmgr) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (File signed by Microsoft)
"VMware Tools Service" (VMTools) - "VMware, Inc." - C:\Program Files\VMware\VMware Tools\VMwareService.exe
"Volume Shadow Copy" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe (File signed by Microsoft)
"WMI Performance Adapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\wbem\wmiapsrv.exe (File signed by Microsoft)
"WebClient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll (File signed by Microsoft)
"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll (File signed by Microsoft)
"Windows Image Acquisition (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll (File signed by Microsoft)
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\System32\msiexec.exe (File signed by Microsoft)
"Windows Management Instrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll (File signed by Microsoft)
"Windows Time" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\System32\w32time.dll (File signed by Microsoft)
"Wireless Zero Configuration" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll (File signed by Microsoft)
"Workstation" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll (File signed by Microsoft)
"iPodService" (iPodService) - "Apple Computer, Inc." - C:\Program Files\iPod\bin\iPodService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - C:\WINDOWS\System32\logon.scr (File signed by Microsoft)
-----( HKCU\Control Panel\IOProcs )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\System32\logonui.exe (File signed by Microsoft)
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\System32\sysdm.cpl (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
GPExtensions "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\System32\scecli.dll (File signed by Microsoft)
GPExtensions "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\System32\iedkcs32.dll (File signed by Microsoft)
GPExtensions "Microsoft Disk Quota" - "Microsoft Corporation" - C:\WINDOWS\System32\dskquota.dll (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\System32\WlNotify.dll (File signed by Microsoft)
"TPSvc" - "ThinPrint GmbH" - C:\WINDOWS\System32\TPSvc.dll
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\System32\crypt32.dll (File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\System32\cryptnet.dll (File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\System32\cscdll.dll (File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\sclgntfy.dll (File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\System32\wlnotify.dll (File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\System32\wlnotify.dll (File signed by Microsoft)
-----( HKLM\System\CurrentControlSet\Control\BootVerificationProgram )-----

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll (File signed by Microsoft)
"Network Location Awareness (NLA) Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft)
"Tcpip" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft)
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0363346A-D22C-4472-9603-2D6FCD3E48E9}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0363346A-D22C-4472-9603-2D6FCD3E48E9}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D70D70E-F0E8-40A9-A3FB-21BC0132A6EA}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D70D70E-F0E8-40A9-A3FB-21BC0132A6EA}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E2C5E79-EFC4-4BEF-9819-CF0F9B113F38}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E2C5E79-EFC4-4BEF-9819-CF0F9B113F38}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D2FB305-D71A-48B5-B40F-FCE33AFDEA94}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D2FB305-D71A-48B5-B40F-FCE33AFDEA94}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7B85B5C-CDEF-466A-9588-E02430F14D55}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7B85B5C-CDEF-466A-9588-E02430F14D55}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit http://forum.online-solutions.ru