Stupid trusted Zone Problem. STILL pxhping.exe

eviltone · 2004/11/17

I have the trusted zone problem, and have deleted the files listed previously.

i also know where it came from. it was in some sort of java infection i believe.

NOD32 Log
------------------
Time Module Object Name Virus Action User Info
11/16/2004 22:40:07 PM IMON file http://www.fastsearchweb.com/counter/winxp/java2/BlackBox.class Java/ClassLoader.E trojan connection terminated EVILLAPTOP1\evilotne
11/16/2004 22:40:00 PM IMON file http://www.fastsearchweb.com/counter/winxp/GetAccess.class Java/Exploit.Bytverify.F trojan quarantined - connection terminated EVILLAPTOP1\evilotne
11/16/2004 22:39:53 PM IMON archive http://www.fastsearchweb.com/counter/winxp/java2/demo.jar multiple infiltrations quarantined - connection terminated EVILLAPTOP1\evilotne
11/16/2004 22:39:43 PM IMON archive http://www.fastsearchweb.com/counter/winxp/classload.jar multiple infiltrations quarantined - connection terminated EVILLAPTOP1\evilotne
11/16/2004 22:39:35 PM IMON file http://www.fastsearchweb.com//counter//winxp//EXPLOIT.CHM VBS/TrojanDownloader.Psyme.Q trojan quarantined - connection terminated EVILLAPTOP1\evilotne
----------------

i thought NOD had stopped an infection, but it looks like it did not.

so here is my Hijack this log
---------------------------------
Logfile of HijackThis v1.98.2
Scan saved at 09:17:52 PM, on 11/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\pxhping.exe
C:\fixme\hijackthis\HijackThis.exe

O1 - Hosts: connect.online-dialer.com 127.0.0.1
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe "
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: NETGEAR WAG511 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

-------------------------------
pv - explorer dll's
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1015808 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Explorer
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
SHELL32.dll 773d0000 8351744 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
SHDOCVW.dll 769c0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object and Control Library
UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
themeui.dll 559e0000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Theme API
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
netapi32.dll 71c20000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell extensions for sharing
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
urlmon.dll 760f0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32 Extensions for Win32
msi.dll 14a0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
NETSHELL.dll 75cf0000 1642496 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Network Connections Shell
credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Credential Manager User Interface
WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Web Site Monitor
MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF Server DLL
stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray shell service object
BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
mslbui.dll 605d0000 32768 C:\WINDOWS\System32\mslbui.dll 5.1.2600.1106 (xpsp1.020828-1920) LangageBar Add In
printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) Print UI DLL
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
msacmx.dll 10000000 937984 C:\WINDOWS\System32\msacmx.dll
DUSER.dll 6c1b0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
MSGINA.dll 75970000 991232 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Windows NT Logon GINA DLL
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
asfsipc.dll 70eb0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 605f0000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub
-----------------------------------------------------------

To be continued........................

eviltone · 2004/11/17

internet explorer pv log
------------

Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object and Control Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773d0000 8351744 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF Server DLL
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
msacmx.dll 10000000 937984 C:\WINDOWS\System32\msacmx.dll
urlmon.dll 760f0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32 Extensions for Win32
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
imon.dll 20b00000 258048 C:\WINDOWS\System32\imon.dll
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
mslbui.dll 605d0000 32768 C:\WINDOWS\System32\mslbui.dll 5.1.2600.1106 (xpsp1.020828-1920) LangageBar Add In
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
winsrv32.dll 2610000 921600 C:\WINDOWS\System32\winsrv32.dll
mshtml.dll 74810000 2846720 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) HTML Viewer
d3dxov.dll 2d20000 888832 C:\WINDOWS\System32\d3dxov.dll
msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
sptip.dll 5c2c0000 245760 C:\WINDOWS\ime\sptip.dll 5.1.2600.1106 (xpsp1.020828-1920) SAPI5.0/CTF layer DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\System32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 55900000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
SPGRMR.DLL 2f00000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.1106 (xpsp1.020828-1920) SPTIP Grammar DLL
msi.dll 2f20000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SKCHUI.DLL 3140000 372736 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) HTML Editing Component
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- DirectX Transform Core
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
ddrawex.dll 6d430000 36864 C:\WINDOWS\System32\ddrawex.dll 5.1.2600.0 (xpclient.010817-1148) Direct Draw Ex
DDRAW.dll 73760000 278528 C:\WINDOWS\System32\DDRAW.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- Image DirectX Transforms
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2800.1106 (xpsp1.020828-1920) IE plugin image decoder support DLL
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL 6.00.2800.1106 (xpsp1.020828-1920) Internet Ratings and Local User Management DLL
msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
PSTOREC.DLL 5e0c0000 49152 C:\WINDOWS\System32\PSTOREC.DLL 5.1.2600.0 (xpclient.010817-1148) Protected Storage COM interfaces
----------------------------------------

eviltone · 2004/11/17

winlogon.exe pv log
---------------------------------

Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 536576 C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Logon Application
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
NDdeApi.dll 75940000 28672 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.0 (xpclient.010817-1148) Network DDE Share Management APIs
CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\system32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
WINSTA.dll 76360000 61440 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
PROFMAP.dll 75930000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.0 (xpclient.010817-1148) Userenv
NETAPI32.dll 71c20000 319488 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
REGAPI.dll 76bc0000 57344 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Registry Configuration APIs
WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
AUTHZ.dll 76cc0000 65536 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.0 (xpclient.010817-1148) Authorization Framework
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.1106 (xpsp1.020828-1920) Process Status Helper
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
SETUPAPI.dll 76670000 946176 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
MSGINA.dll 75970000 991232 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Windows NT Logon GINA DLL
SHELL32.dll 773d0000 8351744 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
COMCTL32.dll 77340000 569344 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
SHSVCS.dll 76bd0000 126976 C:\WINDOWS\System32\SHSVCS.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Services Dll
sfc.dll 76bb0000 16384 C:\WINDOWS\system32\sfc.dll 5.1.2600.0 (xpclient.010817-1148) Windows File Protection
sfc_os.dll 76c60000 167936 C:\WINDOWS\System32\sfc_os.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows File Protection
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WINSCARD.DLL 723d0000 106496 C:\WINDOWS\System32\WINSCARD.DLL 5.1.2600.0 (xpclient.010817-1148) Microsoft Smart Card API
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
sxs.dll 75e90000 684032 C:\WINDOWS\System32\sxs.dll 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
cscdll.dll 76600000 110592 C:\WINDOWS\system32\cscdll.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
WlNotify.dll 75950000 102400 C:\WINDOWS\system32\WlNotify.dll 5.1.2600.1106 (xpsp1.020828-1920) Common DLL to receive Winlogon notifications
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
msv1_0.dll 76d10000 118784 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Authentication Package v1.0
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
wldap32.dll 76f60000 180224 C:\WINDOWS\system32\wldap32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
RASAPI32.dll 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
MPRAPI.dll 76d40000 90112 C:\WINDOWS\System32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL
ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
igfxsrvc.dll 10000000 352256 C:\WINDOWS\system32\igfxsrvc.dll 3.0.0.3762 igfxsrvc Module
hccutils.DLL bd0000 122880 C:\WINDOWS\System32\hccutils.DLL 3.0.0.3762 hccutils Module
wbemprox.dll 74ef0000 40960 C:\WINDOWS\System32\wbem\wbemprox.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
wbemcomn.dll 75290000 229376 C:\WINDOWS\System32\wbem\wbemcomn.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
wbemsvc.dll 74ed0000 61440 C:\WINDOWS\System32\wbem\wbemsvc.dll 5.1.2600.0 (xpclient.010817-1148) WMI
fastprox.dll 75690000 577536 C:\WINDOWS\System32\wbem\fastprox.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
-------------------------------------

eviltone · 2004/11/17

Nothing found in DLLCOMPARE....

GET Services log
-----

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Uses idle network bandwidth to transfer data.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Irmon
Supports infrared devices installed on the computer and detects other devices that are in range.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Infrared Monitor
DEPENDENCIES : irda
: RpcSs
: TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: MDM
Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

eviltone · 2004/11/17

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: workService
: Distributed Transaction Coordinator
: ion
: mFiles=C^
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NOD32krn
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Eset\nod32krn.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NOD32 Kernel Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 300 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{364AD751-6A66-415A-A6D3-665F61EA19C7}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

eviltone · 2004/11/17

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: uploadmgr
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

----

nothing found under reglite

thanks guys

-Tone

noahdfear · 2004/11/17

Welcome to WindowsBBS Tone

One more thing for us now please. Go to start>run and paste the following command, then hit enter.

regedit.exe /e c:\Ms4Hd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd "

Open My Computer, then Local Disk C: and look for the Ms4Hd.txt file. Open and copy/paste the contents here.

**Note: The forum format put a space between the r and e in CurrentVersion that will need to be taken out

eviltone · 2004/11/17

as you requested:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd]

-Tone

noahdfear · 2004/11/17

Oh, one other thing. Use dllcompare to search for .exes in the system32 folder and post the results please.

eviltone · 2004/11/17

dllcompare shows nothing for exe's.... nor for dll's

-Tone

eviltone · 2004/11/17

also...

Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 (xpclient.010817-1148) Generic Host Process for Win32 Services
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
rpcss.dll 75850000 282624 c:\windows\system32\rpcss.dll 5.1.2600.1361 (xpsp2.040109-1800) Distributed COM Services
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
WS2_32.dll 71ab0000 86016 c:\windows\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
Secur32.dll 76f90000 65536 c:\windows\system32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
userenv.dll 75a70000 675840 C:\WINDOWS\system32\userenv.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
imon.dll 20b00000 258048 C:\WINDOWS\system32\imon.dll
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 151552 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
iphlpapi.dll 76d60000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
msi.dll 76400000 2101248 C:\WINDOWS\system32\msi.dll 2.0.2600.1106 Windows Installer
Apphelp.dll 75f40000 126976 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 (xpclient.010817-1148) Generic Host Process for Win32 Services
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
shsvcs.dll 76bd0000 126976 c:\windows\system32\shsvcs.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Services Dll
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
shell32.dll 773d0000 8351744 C:\WINDOWS\system32\shell32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
dhcpcsvc.dll 76d80000 110592 c:\windows\system32\dhcpcsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) DHCP Client Service
DNSAPI.dll 76f20000 151552 c:\windows\system32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
WS2_32.dll 71ab0000 86016 c:\windows\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 94208 c:\windows\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
Secur32.dll 76f90000 65536 c:\windows\system32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
imon.dll 20b00000 258048 C:\WINDOWS\System32\imon.dll
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
termsrv.dll 752d0000 241664 c:\windows\system32\termsrv.dll 5.1.2600.1106 (xpsp1.020828-1920) Terminal Server Service
ICAAPI.dll 74f70000 20480 c:\windows\system32\ICAAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL Interface to TermDD Device Driver
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
AUTHZ.dll 76cc0000 65536 c:\windows\system32\AUTHZ.dll 5.1.2600.0 (xpclient.010817-1148) Authorization Framework
mstlsapi.dll 75110000 114688 c:\windows\system32\mstlsapi.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Terminal Server Licensing
ACTIVEDS.dll 76e40000 192512 c:\windows\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 c:\windows\system32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL
NETAPI32.dll 71c20000 319488 c:\windows\system32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
ATL.DLL 76b20000 86016 c:\windows\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
wzcsvc.dll 70b50000 278528 c:\windows\system32\wzcsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) Wireless Zero Configuration Service
rtutils.dll 76e80000 53248 c:\windows\system32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WMI.dll 76d30000 16384 c:\windows\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality
WTSAPI32.dll 76f50000 32768 c:\windows\system32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
ESENT.dll 69710000 1036288 c:\windows\system32\ESENT.dll 5.1.2600.0 (xpclient.010817-1148) Server Database Storage Engine
REGAPI.dll 76bc0000 57344 C:\WINDOWS\System32\REGAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Registry Configuration APIs
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
irmon.dll 65f40000 114688 c:\windows\system32\irmon.dll 5.1.2600.1106 (xpsp1.020828-1920) Infrared Monitor
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
winmm.dll 76b40000 180224 C:\WINDOWS\System32\winmm.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
wshirda.dll 58d30000 20480 C:\WINDOWS\System32\wshirda.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
rastls.dll 555a0000 106496 C:\WINDOWS\System32\rastls.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access PPP EAP-TLS
CRYPTUI.dll 754d0000 483328 C:\WINDOWS\System32\CRYPTUI.dll 5.131.2600.1106 (xpsp1.020828-1920) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
MPRAPI.dll 76d40000 90112 C:\WINDOWS\System32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
RASAPI32.dll 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
SCHANNEL.dll 767f0000 147456 C:\WINDOWS\System32\SCHANNEL.dll 5.1.2600.1347 (xpsp2.040109-1800) TLS / SSL Security Provider
WinSCard.dll 723d0000 106496 C:\WINDOWS\System32\WinSCard.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Smart Card API
raschap.dll 70af0000 69632 C:\WINDOWS\System32\raschap.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access PPP CHAP
msv1_0.dll 76d10000 118784 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Authentication Package v1.0
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
schedsvc.dll 751d0000 172032 c:\windows\system32\schedsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) Task Scheduler Engine
NTDSAPI.dll 767a0000 77824 c:\windows\system32\NTDSAPI.dll 5.1.2600.0 (xpclient.010817-1148) NT5DS
MSIDLE.DLL 74f50000 20480 C:\WINDOWS\System32\MSIDLE.DLL 6.00.2600.0000 (xpclient.010817-1148) User Idle Monitor
audiosrv.dll 708b0000 53248 c:\windows\system32\audiosrv.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Audio Service
wkssvc.dll 75170000 131072 c:\windows\system32\wkssvc.dll 5.1.2600.0 (xpclient.010817-1148) Workstation Service DLL
cryptsvc.dll 74fa0000 65536 c:\windows\system32\cryptsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) Cryptographic Services
certcli.dll 75350000 200704 c:\windows\system32\certcli.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Certificate Services Client
es.dll 76b70000 253952 c:\windows\system32\es.dll 2001.12.4414.53
srvsvc.dll 75090000 94208 c:\windows\system32\srvsvc.dll 5.1.2600.0 (xpclient.010817-1148) Server Service DLL
netman.dll 76de0000 163840 c:\windows\system32\netman.dll 5.1.2600.1106 (xpsp1.020828-1920) Network Connections Manager
seclogon.dll 73d20000 36864 c:\windows\system32\seclogon.dll 5.1.2600.0 (xpclient.010817-1148) Secondary Logon Service DLL
sens.dll 722d0000 49152 c:\windows\system32\sens.dll 5.1.2600.1106 (xpsp1.020828-1920) System Event Notification Service (SENS)
srsvc.dll 751a0000 176128 c:\windows\system32\srsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) System Restore Service
POWRPROF.dll 74ad0000 28672 c:\windows\system32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
tapisrv.dll 733e0000 245760 c:\windows\system32\tapisrv.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony Server
PSAPI.DLL 76bf0000 45056 c:\windows\system32\PSAPI.DLL 5.1.2600.1106 (xpsp1.020828-1920) Process Status Helper
trkwks.dll 75070000 94208 c:\windows\system32\trkwks.dll 5.1.2600.1106 (xpsp1.020828-1920) Distributed Link Tracking Client
pchsvc.dll 74f40000 40960 c:\windows\pchealth\helpctr\binaries\pchsvc.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft PCHealth Service Holder
w32time.dll 767c0000 172032 c:\windows\system32\w32time.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Time Service
MSVCP60.dll 55900000 397312 c:\windows\system32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library

eviltone · 2004/11/17

to continue that....

wmisvc.dll 597a0000 114688 c:\windows\system32\wbem\wmisvc.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
wbemcomn.dll 75290000 229376 c:\windows\system32\wbem\wbemcomn.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
VSSAPI.DLL 753e0000 425984 C:\WINDOWS\System32\VSSAPI.DLL 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
browser.dll 74fe0000 61440 c:\windows\system32\browser.dll 5.1.2600.1106 (xpsp1.020828-1920) Computer Browser Service DLL
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
comsvcs.dll 7c400000 1204224 C:\WINDOWS\system32\comsvcs.dll 2001.12.4414.53
MTXCLU.DLL 750f0000 73728 C:\WINDOWS\system32\MTXCLU.DLL 2001.12.4414.53 MS DTC amd MTS clustering support DLL
colbact.DLL 75130000 86016 C:\WINDOWS\system32\colbact.DLL 2001.12.4414.53
CLUSAPI.DLL 55560000 69632 C:\WINDOWS\System32\CLUSAPI.DLL 5.1.2600.1106 (xpsp1.020828-1920) Cluster API Library
RESUTILS.DLL 750b0000 69632 C:\WINDOWS\System32\RESUTILS.DLL 5.1.2600.0 (xpclient.010817-1148) Microsoft Cluster Resource Utility DLL
mtxoci.dll 750d0000 102400 C:\WINDOWS\System32\mtxoci.dll 2001.12.4414.53 Microsoft database support DLL for Oracle
rasmans.dll 72480000 180224 c:\windows\system32\rasmans.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
WINIPSEC.DLL 74370000 40960 c:\windows\system32\WINIPSEC.DLL 5.1.2600.0 (xpclient.010817-1148) Windows IPSec SPD Client DLL
netcfgx.dll 755f0000 593920 c:\windows\system32\netcfgx.dll 5.1.2600.1106 (xpsp1.020828-1920) Network Configuration Objects
rastapi.dll 72060000 65536 C:\WINDOWS\System32\rastapi.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access TAPI Compliance Layer
unimdm.tsp 57cc0000 200704 C:\WINDOWS\System32\unimdm.tsp 5.1.2600.0 (xpclient.010817-1148) Unimodem 5 Service Provider
uniplat.dll 72000000 28672 C:\WINDOWS\System32\uniplat.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem AT Mini Driver Platform Driver for Windows NT
unimdmat.dll 5b070000 77824 C:\WINDOWS\System32\unimdmat.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Service Provider AT Mini Driver
modemui.dll 61650000 155648 C:\WINDOWS\System32\modemui.dll 5.1.2600.0 (xpclient.010817-1148) Windows Modem Properties
kmddsp.tsp 57d40000 45056 C:\WINDOWS\System32\kmddsp.tsp 5.1.2600.0 (xpclient.010817-1148) TAPI Kernel-Mode Service Provider
ndptsp.tsp 57d20000 65536 C:\WINDOWS\System32\ndptsp.tsp 5.1.2600.0 (xpclient.010817-1148) NDIS Proxy TAPI Service Provider
ipconf.tsp 57d50000 28672 C:\WINDOWS\System32\ipconf.tsp 5.1.2600.0 (xpclient.010817-1148) Microsoft Multicast Conference TAPI Service Provider
h323.tsp 57d70000 274432 C:\WINDOWS\System32\h323.tsp 5.1.2600.1348 (xpsp2.040109-1800) Microsoft H.323 Telephony Service Provider
hidphone.tsp 57d60000 40960 C:\WINDOWS\System32\hidphone.tsp 5.1.2600.0 (xpclient.010817-1148) Microsoft HID Phone TSP
HID.DLL 688f0000 36864 C:\WINDOWS\System32\HID.DLL 5.1.2600.0 (XPClient.010817-1148) Hid User Library
rasppp.dll 72240000 204800 C:\WINDOWS\System32\rasppp.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access PPP
ntlsapi.dll 724b0000 20480 C:\WINDOWS\System32\ntlsapi.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® License Server Interface DLL
ipnathlp.dll 66460000 454656 c:\windows\system32\ipnathlp.dll 5.1.2600.1364 (xpsp2.040109-1800) Microsoft NAT Helper Components
netshell.dll 75cf0000 1642496 c:\windows\system32\netshell.dll 5.1.2600.1106 (xpsp1.020828-1920) Network Connections Shell
credui.dll 76c00000 184320 c:\windows\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Credential Manager User Interface
HNetCfg.dll 68880000 258048 c:\windows\system32\HNetCfg.dll 5.1.2600.1106 (xpsp1.020828-1920) Home Networking Configuration Manager
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
wbemcore.dll 75450000 491520 C:\WINDOWS\System32\Wbem\wbemcore.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
esscli.dll 75310000 245760 C:\WINDOWS\System32\Wbem\esscli.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
FastProx.dll 75690000 577536 C:\WINDOWS\System32\Wbem\FastProx.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
wmiutils.dll 75020000 114688 C:\WINDOWS\System32\wbem\wmiutils.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
repdrvfs.dll 75200000 147456 C:\WINDOWS\System32\wbem\repdrvfs.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
wmiprvsd.dll 597f0000 421888 C:\WINDOWS\System32\wbem\wmiprvsd.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
NCObjAPI.DLL 5f770000 57344 C:\WINDOWS\System32\NCObjAPI.DLL 5.1.2600.1106 (xpsp1.020828-1920)
wbemess.dll 75390000 270336 C:\WINDOWS\System32\wbem\wbemess.dll 5.1.2600.1106 (xpsp1.020828-1920) WMI
upnp.dll 555f0000 135168 C:\WINDOWS\System32\upnp.dll 5.1.2600.1106 (xpsp1.020828-1920) Universal Plug and Play API
SSDPAPI.dll 74f00000 40960 C:\WINDOWS\System32\SSDPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) SSDP Client API DLL
RASDLG.dll 75550000 647168 C:\WINDOWS\System32\RASDLG.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Common Dialog API
ncprov.dll 5f740000 69632 C:\WINDOWS\System32\wbem\ncprov.dll 5.1.2600.1106 (xpsp1.020828-1920) Non-COM WMI Event Provision APIs
wbemsvc.dll 74ed0000 61440 C:\WINDOWS\System32\wbem\wbemsvc.dll 5.1.2600.0 (xpclient.010817-1148) WMI
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
Apphelp.dll 75f40000 126976 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 (xpclient.010817-1148) Generic Host Process for Win32 Services
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
dnsrslvr.dll 76770000 53248 c:\windows\system32\dnsrslvr.dll 5.1.2600.0 (xpclient.010817-1148) DNS Caching Resolver Service
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
DNSAPI.dll 76f20000 151552 c:\windows\system32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
WS2_32.dll 71ab0000 86016 c:\windows\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 94208 c:\windows\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
imon.dll 20b00000 258048 C:\WINDOWS\System32\imon.dll
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 (xpclient.010817-1148) Generic Host Process for Win32 Services
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
lmhsvc.dll 74c40000 24576 c:\windows\system32\lmhsvc.dll 5.1.2600.0 (xpclient.010817-1148) TCPIP NetBios Transport Services DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
iphlpapi.dll 76d60000 94208 c:\windows\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
WS2_32.dll 71ab0000 86016 c:\windows\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
webclnt.dll 5a6e0000 81920 c:\windows\system32\webclnt.dll 5.1.2600.1106 (xpsp1.020828-1920) Web DAV Service DLL
WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
CRYPT32.dll 762c0000 569344 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
shell32.dll 773d0000 8351744 C:\WINDOWS\system32\shell32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
ssdpsrv.dll 74c10000 57344 c:\windows\system32\ssdpsrv.dll 5.1.2600.1106 (xpsp1.020828-1920) SSDP Service DLL
imon.dll 20b00000 258048 C:\WINDOWS\System32\imon.dll
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper

thanks
-Tone

TonyT · 2004/11/18

Try this:
Download Autoruns from http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
It's a free utility that will show you ALL possible locations of and ALL things that load at boot, as well as Microsoft items that load at boot if desired. (useful if a malware is disguised as a MS startup item)

noahdfear · 2004/11/18

Tone,

We still need to see the content of the exported registry key.

http://www.windowsbbs.com/showpost.php?p=199881&postcount=7

I have already identified the dlls that need removed, just need this last bit of info to recommend a fix.

eviltone · 2004/11/18

noahdfear said:

Tone,

We still need to see the content of the exported registry key.

http://www.windowsbbs.com/showpost.php?p=199881&postcount=7

I have already identified the dlls that need removed, just need this last bit of info to recommend a fix.
Click to expand...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ms4Hd]

-Tone

eviltone · 2004/11/18

this is what that new tool came up with

Code:

HKLM\System\CurrentControlSet\Services			
+ AudioSrv	Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Browser	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ CryptSvc	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Dhcp	Manages network configuration by registering and updating IP addresses and DNS names.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Dnscache	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Eventlog	Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.	Microsoft Corporation	c:\windows\system32\services.exe
+ Irmon	Supports infrared devices installed on the computer and detects other devices that are in range.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ lanmanserver	Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ lanmanworkstation	Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ LmHosts	Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ MDM	Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.	Microsoft Corporation	c:\program files\common files\microsoft shared\vs7debug\mdm.exe
+ NOD32krn			c:\program files\eset\nod32krn.exe
+ PlugPlay	Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.	Microsoft Corporation	c:\windows\system32\services.exe
+ PolicyAgent	Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ ProtectedStorage	Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ RpcSs	Provides the endpoint mapper and other miscellaneous RPC services.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ SamSs	Stores security information for local user accounts.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ Schedule	Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ seclogon	Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ SENS	Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ SharedAccess	Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ ShellHWDetection	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Spooler	Loads files to memory for later printing.	Microsoft Corporation	c:\windows\system32\spoolsv.exe
+ srservice	Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties	Microsoft Corporation	c:\windows\system32\svchost.exe
+ Themes	Provides user experience theme management.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ TrkWks	Maintains links between NTFS files within a computer or across computers in a network domain.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ uploadmgr	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ W32Time	Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
	Microsoft Corporation	c:\windows\system32\svchost.exe
+ WebClient	Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\svchost.exe
+ winmgmt	Generic Host Process for Win32 Services	Microsoft Corporation	c:\windows\system32\svchost.exe
+ WZCSVC	Provides automatic configuration for the 802.11 adapters	Microsoft Corporation	c:\windows\system32\svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify			
+ cscdll	Offline Network Agent	Microsoft Corporation	c:\windows\system32\cscdll.dll
+ ScCertProp	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ Schedule	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ SensLogn	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ termsrv	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ wlballoon	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon			
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon			
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit			
+ C:\WINDOWS\system32\userinit.exe,	Userinit Logon Application	Microsoft Corporation	c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls			
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell			
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell			
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell			
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell			
+ Explorer.exe	Windows Explorer	Microsoft Corporation	c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run			
+ AnyDVD	AnyDVD Application	(Not verified) SlySoft, Inc.	c:\program files\slysoft\anydvd\anydvd.exe
+ HotKeysCmds	hkcmd Module	Intel Corporation	c:\windows\system32\hkcmd.exe
+ IgfxTray	igfxTray Module	Intel Corporation	c:\windows\system32\igfxtray.exe
+ nod32kui			c:\program files\eset\nod32kui.exe
+ PCTVOICE	pctvoice MFC Application		c:\windows\system32\pctspk.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx			
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce			
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components			
+ Address Book 6	Outlook Express Setup Library	Microsoft Corporation	c:\program files\outlook express\setup50.exe
+ Browser Customizations	Microsoft Internet Explorer Customization DLL	Microsoft Corporation	c:\windows\system32\iedkcs32.dll
+ Internet Explorer	Windows NT User Data Migration Tool	Microsoft Corporation	c:\windows\system32\shmgrate.exe
+ Internet Explorer 6	IE 5.0 Per-User Install Utility	Microsoft Corporation	c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6	Outlook Express Setup Library	Microsoft Corporation	c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player	Microsoft Windows Media Player Setup Utility	Microsoft Corporation	c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
+ NetMeeting 3.01	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
+ Outlook Express	Windows NT User Data Migration Tool	Microsoft Corporation	c:\windows\system32\shmgrate.exe
+ Themes Setup	Microsoft(C) Register Server	Microsoft Corporation	c:\windows\system32\regsvr32.exe
+ Windows Desktop Update	Microsoft(C) Register Server	Microsoft Corporation	c:\windows\system32\regsvr32.exe
+ Windows Messenger 4.7	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components			
C:\Documents and Settings\All Users\Start Menu\Programs\Startup			
+ NETGEAR WAG511 Smart Wizard.lnk	Netgear MFC Application	(Not verified) NETGEAR	c:\program files\netgear\wag511 configuration utility\wlancfg3.exe
C:\Documents and Settings\evilotne\Start Menu\Programs\Startup			
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load			
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run			
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run			
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler			
+ Browseui preloader	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Component Categories cache daemon	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad			
+ CDBurn	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ PostBootReminder	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ SysTray	Systray shell service object	Microsoft Corporation	c:\windows\system32\stobject.dll
+ WebCheck	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad			
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run			
HKCU\Software\Microsoft\Windows\CurrentVersion\Run			
+ AIM	AOL Instant Messenger	(Not verified) America Online, Inc.	c:\program files\aim\aim.exe
+ ctfmon.exe	CTF Loader	Microsoft Corporation	c:\windows\system32\ctfmon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce			
Task Scheduler			
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects			
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks			
+ shell32.dll	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll

eviltone · 2004/11/18

Code:

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved			
+ %DESC_PublishDropTarget%	Photo Printing Wizard	Microsoft Corporation	c:\windows\system32\photowiz.dll
+ &Address	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ .CAB file viewer	Cabinet File Viewer Shell Extension	Microsoft Corporation	c:\windows\system32\cabview.dll
+ Accessible	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ ActiveX Cache Folder	Object Control Viewer	Microsoft Corporation	c:\windows\system32\occache.dll
+ Address Bar Parser	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Address EditBox	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Administrative Tools	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ AlcoholShellEx	AXShlEx.dll	(Not verified) Alcohol Soft Development Team	c:\program files\alcohol soft\alcohol 120\axshlex.dll
+ Audio Media Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Augmented Shell Folder	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Augmented Shell Folder 2	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension	Automatic Updates Control Panel	Microsoft Corporation	c:\windows\system32\wuaucpl.cpl
+ Avi Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ BandProxy	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Briefcase	Windows Briefcase	Microsoft Corporation	c:\windows\system32\syncui.dll
+ CD Slideshow Powertoy	Windows XP PowerToys	(Not verified) Microsoft Corporation	c:\windows\system32\slideshow.dll
+ CDF Extension Copy Hook	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Channel File	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Handler Object	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Menu	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Properties	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Shortcut	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Code Download Agent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Compatibility Page	Compatibility Tab Shell Extension DLL	Microsoft Corporation	c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ ConnectionAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Crypto PKO Extension	Crypto Shell Extensions	Microsoft Corporation	c:\windows\system32\cryptext.dll
+ Crypto Sign Extension	Crypto Shell Extensions	Microsoft Corporation	c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Darwin App Publisher	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ DfsShell	Distributed File System shell extension	Microsoft Corporation	c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs	Directory Service Common UI	Microsoft Corporation	c:\windows\system32\dsuiext.dll
+ Directory Object Find	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Directory Property UI	Directory Service Common UI	Microsoft Corporation	c:\windows\system32\dsuiext.dll
+ Directory Query UI	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Directory Start/Search Find	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Disk Copy Extension	Windows DiskCopy	Microsoft Corporation	c:\windows\system32\diskcopy.dll
+ Disk Quota UI	Windows Shell Disk Quota UI DLL	Microsoft Corporation	c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension	Advanced display adapter properties	Microsoft Corporation	c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension	Advanced display monitor properties	Microsoft Corporation	c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension			File not found: deskpan.dll
+ Display TroubleShoot CPL Extension	Advanced display performance properties	Microsoft Corporation	c:\windows\system32\deskperf.dll
+ Download Status	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ DS Security Page	Directory Service Security UI	Microsoft Corporation	c:\windows\system32\dssec.dll
+ E-mail	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Explorer Band	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Favorites Band	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Fonts	Windows Font Folder	Microsoft Corporation	c:\windows\system32\fontext.dll
+ Fonts	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ For &People...	Find People	Microsoft Corporation	c:\program files\outlook express\wabfind.dll
+ FTP Folders Webview	Microsoft Internet Explorer FTP Folder Shell Extension	Microsoft Corporation	c:\windows\system32\msieftp.dll
+ Fusion Cache	Microsoft .NET Runtime Execution Engine	(Not verified) Microsoft Corporation	c:\windows\system32\mscoree.dll
+ GDI+ file thumbnail extractor	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Get a Passport Wizard	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Global Folder Settings	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Help and Support	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Help and Support	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ History	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ HTML Thumbnail Extractor	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext	HyperTerminal Applet Library	Hilgraeve, Inc.	c:\windows\system32\hticons.dll
+ ICC Profile	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Monitor Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Printer Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Scanner Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ IE4 Suite Splash Screen	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ In-pane search	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Installed Apps Enumerator	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ Internet	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Internet Name Space	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ InternetShortcut	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ ISFBand OC	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Media Band	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Agent Character Property Sheet Handler	Microsoft Agent Property Sheet Handler	Microsoft Corporation	c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Data Link	Microsoft Data Access - OLE DB Core Services	Microsoft Corporation	c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler	Microsoft Office 2003 component	Microsoft Corporation	c:\program files\microsoft office\office11\msohev.dll
+ Microsoft Office Outlook Custom Icon Handler	Outlook Shell Hook for Start/Find	Microsoft Corporation	c:\program files\microsoft office\office11\olkfstub.dll
+ Microsoft Office Outlook Desktop Icon Handler	Microsoft Shell Extension Library	Microsoft Corporation	c:\program files\microsoft office\office11\mlshext.dll
+ Microsoft Shell Folder AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Url History Service	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Microsoft Url Search Hook	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Midi Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ MMC Icon Handler	MMC Shell Extension DLL	Microsoft Corporation	c:\windows\system32\mmcshext.dll
+ MRU AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet	Control Panel Drivers Applet	Microsoft Corporation	c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ MyDocs Drop Target	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ MyDocs Properties	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ Network Connections	Network Connections Shell	Microsoft Corporation	c:\windows\system32\netshell.dll
+ Network Connections	Network Connections Shell	Microsoft Corporation	c:\windows\system32\netshell.dll
+ NOD32 Context Menu Shell Extension			c:\program files\eset\nodshex.dll
+ NTFS Security Page	Security Shell Extension	Microsoft Corporation	c:\windows\system32\rshx32.dll
+ Offline Files Folder	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ Offline Files Folder Options	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ Offline Files Menu	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ OLE Docfile Property Page	OLE DocFile Property Page	Microsoft Corporation	c:\windows\system32\docprop.dll
+ PhotoToys	Windows XP PowerToys	(Not verified) Microsoft Corporation	c:\windows\system32\phototoys.dll
+ PlusPack CPL Extension	Windows Theme API	Microsoft Corporation	c:\windows\system32\themeui.dll
+ PostAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Print Ordering via the Web	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Printers Security Page	Security Shell Extension	Microsoft Corporation	c:\windows\system32\rshx32.dll
+ Registry Tree Options Utility	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension	Remote Sessions CPL Extension	Microsoft Corporation	c:\windows\system32\remotepg.dll
+ Run...	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scheduled Tasks	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Search	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Search Assistant OC	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Search Band	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Sendmail service	Send Mail	Microsoft Corporation	c:\windows\system32\sendmail.dll
+ Sendmail service	Send Mail	Microsoft Corporation	c:\windows\system32\sendmail.dll
+ Shell Application Manager	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DeskBar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DeskBarApp	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DocObject Viewer	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects	Network object shell UI	Microsoft Corporation	c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player	RealPlayer Shell Extensions	(Not verified) RealNetworks, Inc.	c:\program files\k-lite codec pack\real\rpshell.dll
+ Shell extensions for sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host	Microsoft (r) Shell Extension for Windows Script Host	Microsoft Corporation	c:\windows\system32\wshext.dll
+ Shell Image Data Factory	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell Image Verbs	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler	Shell scrap object handler	Microsoft Corporation	c:\windows\system32\shscrap.dll
+ Subscription Folder	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Subscription Mgr	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES)	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Taskbar and Start Menu	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Temporary Internet Files	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Temporary Internet Files	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ The Internet	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Track Popup Bar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ TrayAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ TridentImageExtractor	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ User Accounts	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ User Assist	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Video Media Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Wav Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Web Folders	Microsoft Web Folders	Microsoft Corporation	c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ Web Printer Shell Extension	Print UI DLL	Microsoft Corporation	c:\windows\system32\printui.dll
+ Web Publishing Wizard	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Web Search	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ WebCheck	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ WinRAR shell extension			c:\program files\winrar\rarext.dll
+ {506F4668-F13E-4AA1-BB04-B43203AB3CC0}	Visio Shell Extension DLL	Microsoft Corporation	c:\program files\microsoft office\visio11\visshe.dll
+ {D66DC78C-4F61-447F-942B-3FB6980118CF}	Visio Shell Extension DLL	Microsoft Corporation	c:\program files\microsoft office\visio11\visshe.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar

done

noahdfear · 2004/11/18

Well, I was expecting alot more from that key. Would you do a search of the registry for some of these filenames and export what you find to a text file, then post it for us, please? (The uppermost key where they are/may be found)

dllhostxp.exe
pxhping.exe
clfmon.exe
extrac16.exe
service.exe

eviltone · 2004/11/18

noahdfear said:

Well, I was expecting alot more from that key. Would you do a search of the registry for some of these filenames and export what you find to a text file, then post it for us, please? (The uppermost key where they are/may be found)

dllhostxp.exe
pxhping.exe
clfmon.exe
extrac16.exe
service.exe
Click to expand...

i cannot seem to search the registry. how do i do it command line like? the regedit and registrar lite applications crash....

-TOne

noahdfear · 2004/11/18

I don't know if it can be done from a command line. Good question though. I may have to play a little if someone doesn't post it first. Try RegSeeker.

Log in or Sign up

Stupid trusted Zone Problem. STILL pxhping.exe

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

TonyT SuperGeek Staff

noahdfear Inactive

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Stupid trusted Zone Problem. STILL pxhping.exe

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

TonyT SuperGeek Staff

noahdfear Inactive

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

eviltone Inactive Thread Starter

noahdfear Inactive

eviltone Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches