rscsei

winlogon.exe Application Error

When I start my Windows XP SP3, it pops up an error message at the Welcome page: winlogon.exe-Application Error  The exception unknown software exception (0xc0000409) occurred in the application at location 0x1012fee8.  I have also seen the problem occur at location 0x1013??f1. If I click either the OK button or the CANCEL button, the system restarts, and the error message pops up again. I found I can do all my computing if I leave the error message untouched. But considering that it could potentially harm my computer in the future, plus this message is so annoying, I'm here to seek help. Please note, I have only 1 Windows logon account set up, and that account is an administrator account with no password; it logs on automatically when Windows starts.
orangutang

rscsei (ASKER)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:25, on 2009-2-7
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\JWPEN.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\HWHOTKEY.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\HWTabTray.exe
C:\WINDOWS\system32\HWKeyPlus.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\360Safebox\safeboxTray.exe
C:\Program Files\sohutv_web\SysTrayIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Superpen_Soft_Pro\hwshell.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
C:\Program Files\Omega One\1-Calc\1Calc.exe
C:\HWSOFT\TMOUSE\HWPEN10U.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\HWSOFT\TMOUSE\HWLoad.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\HWSOFT\TMOUSE\WWServer.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\chkdsk.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live {U.© - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: >: Norton åw - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: ~¦åw - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UUSEE] "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Runserver] C:\WINDOWS\HWHOTKEY.exe
O4 - HKLM\..\Run: [RegNetPass] C:\WINDOWS\system32\regcsp.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\StormII\Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Hanvon Tablet Tray Service] C:\WINDOWS\system32\HWTabTray.exe
O4 - HKLM\..\Run: [Hanvon Key Pus] C:\WINDOWS\system32\HWKeyPlus.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [Ð5Æ:QuH] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "683ae79bab452e0534bc66723d728881" "1.0.0.10" ""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: 1-Calc.lnk = C:\Program Files\Omega One\1-Calc\1Calc.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: HANWANG Shell.lnk = ?SystemDrive%\Superpen_Soft_Pro\hwshell.exe
O4 - Global Startup: T&Mouse.lnk = ?SystemDrive%\HWSOFT\TMOUSE\hwpen10.exe
O4 - Global Startup: 7LÑqÍ8\H.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: (UUSee} - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: (UUSee ­> - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: (Å÷} - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: (Å÷}hèþ¥ - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: /¨Å÷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: /¨Å÷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: ™eå× - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer -„™eå×(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: úû¨6Ï... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ˆëÆ‘" - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ˆëÆ‘" - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: /¨UUSee QÜ5Æ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: /¨UUSee QÜ5Æ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: ÑqÍ8OÈh - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: ÑqÍ8OÈh - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/new_MMCShell.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.bctransit.com/activex/ScriptX.cab
O16 - DPF: {1D90741B-F236-4D21-94F6-F70631BF3CA3} (GemOCX Control) - https://b2c.icbc.com.cn/icbc/GemOCX.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/ISPEIPAQTool.CAB
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://b2c.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ê¨ LiveUpdate ¦ (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour 
¡ (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - ¬´ÎQEÑ€	Plø - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWSuperPowerTablet - HanWang - C:\WINDOWS\system32\JWPEN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 
¡ (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDJB Manager - ~ûh#m*> - C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
O23 - Service: SDPAUMS server service (SDPASVC) -  Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
 
--
End of file - 18506 bytes


ASKER CERTIFIED SOLUTION
johnb6767
Actually, Safe Mode, Command Prompt Only I meant....

But either will work for this command if you get in.......
You have a lot of weird characters in your HijackThis log. Do you know what that is, johnb6767?
Also, try scanning with Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)
Are you familiar with these 5 server processes?
C:\WINDOWS\system32\JWPEN.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\HWSOFT\TMOUSE\HWLoad.EXE
C:\HWSOFT\TMOUSE\WWServer.EXE
C:\HWSOFT\TMOUSE\HWPEN10U.EXE

Also, this is an unknown file?
C:\Superpen_Soft_Pro\hwshell.exe

I would like to see what the full command line is of the following....
C:\WINDOWS\system32\RunDLL32.exe

Process Explorer for Windows v10.21
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

Double Click rundll32.exe, and select the Image Tab, and paste the Command line here......

And I honestly don't think you would be running a chkdsk right now....
C:\WINDOWS\system32\chkdsk.exe

Find that file, right click it, select Properties, and make sure the Details tab shows it is from MS....
Sheesh this is taking forever.....    :^)

These are safe to delete....
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: ˆëÆ‘" - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ˆëÆ‘" - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)

These are questionable, unless you know the vendor of the software......
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 (creative Webcam, safe if you have one....)
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HANWANG Shell.lnk = ?SystemDrive%\Superpen_Soft_Pro\hwshell.exe
O4 - Global Startup: T&Mouse.lnk = ?SystemDrive%\HWSOFT\TMOUSE\hwpen10.exe
O8 - Extra context menu item: (Å÷ } - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: (Å÷ }hèþ¥ - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: /¨Å÷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: /¨Å÷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

Looks to possibly be viral.....
O4 - HKLM\..\Run: [Ð5Æ:QuH] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "683ae79bab452e0534bc66723d728881" "1.0.0.10" ""


The viral one up top.... upload it here for a virus scan....

Jotti's malware scan 2.99
http://virusscan.jotti.org/

Bet it's viral....

Here's the Reader's Digest version of what I see....

You have a lot of apps I have never heard of before, so take caution in disabling things I have suggested....

Thunder Networks
UUSee
Storm Media Center

If these are legit, and you are aware of them, don't need to disable them, unless you don't need their startup items running.....

Also, the server processes. If they are servers for your legit media apps, then I wouldn't worry too much. If you don't know what they are, then they might be a contributing factor as well... You might have a zombie on a botnet, acting as a server to a malicious network.....

Other than that, I think you definitely have some viral activity going on, to provide some of the behaviour you are seeing.....

Let's start by cleaning this up a bit, and rescan..... Attach the log file here if you don't mind on the next one.....Easier to read.....
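
The triage above treats entries that HijackThis marks "(file missing)" or "(no file)" as safe to delete. The Python below is an added example, not part of the original thread: it parses HijackThis 2.0.2 log lines and lists those orphaned entries. The names `Entry`, `parse_line` and `triage` are illustrative, and the sample lines are excerpted from the log posted in this thread.

```python
import re
from collections import namedtuple

# Illustrative record type for one log entry (not a HijackThis API).
Entry = namedtuple("Entry", "section kind name clsid target orphaned")

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# "<section code> - <body>", e.g. "O2 - BHO: ...". Header lines do not match.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# O2 / O3 / O9 style: "<kind>: <name> - {CLSID} - <target>"
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O4 registry Run style: "<hive path>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<kind>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")

# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_line(line):
    """Parse one log line into an Entry, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    sub = CLSID_RE.match(body) or RUN_RE.match(body)
    if sub:
        d = sub.groupdict()
        kind, name, target = d["kind"], d["name"], d["target"]
        clsid = d.get("clsid")  # RUN_RE has no clsid group
    else:
        # Other sections (O8, O16, O23, ...): keep the text after "<kind>: " whole.
        kind, _, rest = body.partition(": ")
        name, target, clsid = rest, rest, None
    orphaned = target.rstrip().endswith(ORPHAN_MARKERS)
    return Entry(section, kind, name, clsid, target, orphaned)


def triage(log_text):
    """Return (all entries, entries whose target file is missing)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    orphans = [e for e in entries if e.orphaned]
    return entries, orphans


if __name__ == "__main__":
    entries, orphans = triage(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed, {len(orphans)} orphaned:")
    for e in orphans:
        print(f"  {e.section} {e.kind}: {e.name} {e.clsid} -> {e.target}")
```

An orphaned entry only means the registration outlived its file; entries whose file is present still need the vendor and signature checks discussed in the thread.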
rscsei (ASKER)

Hi, johnb6767:
Thanks for your help. I made the reg query in Safe Mode, but when I restarted the system, the error message appeared again, but the location had changed to 0x101??3f1. I ran the command again in normal mode and then restarted the system; this time, the old error message came back again.

As for the 5 server processes, they are from my software: the graphics tablet driver and the Chinese input tablet software.

Yes, when I did the HijackThis scan, I was running chkdsk in DOS; that's one solution I found by googling it.

C:\Superpen_Soft_Pro\hwshell.exe
This is from my Chinese input tablet, a handwriting recognition mouse.

For the rundll32.exe, the command line is as follows:
"C:\WINDOWS\system32\RunDLL32.exe" P0620Pin.dll,RunDLL32EP 513

Waiting for your reply!
Oh, that's why there's weird characters in your log.
rscsei (ASKER)

hehe
I should have been able to figure that out. Also, send your Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) log.
rscsei (ASKER)

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms			
+ rdpclip	RDP Clip Monitor	Microsoft Corporation	c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit			
+ C:\WINDOWS\SYSTEM32\userinit.exe	Userinit Logon Application	Microsoft Corporation	c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell			
+ Explorer.exe	Windows Explorer	Microsoft Corporation	c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run			
+ 360Safebox	360Ýi±	360‰h-Ã	c:\program files\360safebox\safeboxtray.exe
+ Adobe Reader Speed Launcher	Adobe Acrobat SpeedLauncher	Adobe Systems Incorporated	c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ Alcmtr	Realtek Azalia Audio - Event Monitor	Realtek Semiconductor Corp.	c:\windows\alcmtr.exe
+ AlcWzrd	RealTek AlcWzrd Application	RealTek Semicoductor Corp.	c:\windows\alcwzrd.exe
+ AppleSyncNotifier	AppleSyncNotifier	Apple Inc.	c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
+ BrMfcWnd	Brother Status Monitor MFC Application	Brother Industries, Ltd.	c:\program files\brother\brmfcmon\brmfcwnd.exe
+ ccApp	Symantec User Session	Symantec Corporation	c:\program files\common files\symantec shared\ccapp.exe
+ ControlCenter3	ControlCenter Program	Brother Industries, Ltd.	c:\program files\brother\controlcenter3\brctrcen.exe
+ gemstrmw	GSCardStart	Gemplus	c:\windows\system32\gemstrmw.exe
+ Google IME Autoupdater	Google Pinyin Network Daemon	Google Inc.	c:\program files\google\google pinyin\googlepinyindaemon.exe
+ Hanvon Key Pus			c:\windows\system32\hwkeyplus.exe
+ Hanvon Tablet Tray Service	HWTabTray Microsoft ú@{”(		c:\windows\system32\hwtabtray.exe
+ HotKeysCmds	hkcmd Module	Intel Corporation	c:\windows\system32\hkcmd.exe
+ hpsysdrv	hpsysdrv	Hewlett-Packard Company	c:\windows\system\hpsysdrv.exe
+ IgfxTray	igfxTray Module	Intel Corporation	c:\windows\system32\igfxtray.exe
+ IndexSearch	PaperPort IndexSearch	Nuance Communications, Inc.	c:\program files\scansoft\paperport\indexsearch.exe
+ IntelliPoint	IPoint.exe	Microsoft Corporation	c:\program files\microsoft intellipoint\ipoint.exe
+ ISTray	PC Tools Tray Application	PC Tools	c:\program files\spyware doctor\pctstray.exe
+ iTunesHelper	iTunesHelper Module	Apple Inc.	c:\program files\itunes\ituneshelper.exe
+ itype	IType.exe	Microsoft Corporation	c:\program files\microsoft intellitype pro\itype.exe
+ NeroFilterCheck	NeroCheck	Nero AG	c:\program files\common files\ahead\lib\nerocheck.exe
+ osCheck	Norton 360 Vista Migration Tool	Symantec Corporation	c:\program files\norton 360\oscheck.exe
+ PaperPort PTD	PaperPort Print to Desktop for NT	Nuance Communications, Inc.	c:\program files\scansoft\paperport\pptd40nt.exe
+ PD0620 STISvc	Installation Plug-In	Creative Technology Ltd.	c:\windows\system32\p0620pin.dll
+ Persistence	persistence Module	Intel Corporation	c:\windows\system32\igfxpers.exe
+ PPort11reminder	SSEreg MFC Application	Nuance Communications, Inc.	c:\program files\scansoft\paperport\ereg\ereg.exe
+ QuickTime Task	QuickTime Task	Apple Inc.	c:\program files\stormii\codec\qttask.exe
+ Recguard	Recguard Application		c:\windows\sminst\recguard.exe
+ RegNetPass			c:\windows\system32\regcsp.exe
+ Runserver			c:\windows\hwhotkey.exe
+ SoundMan	Realtek Sound Manager	Realtek Semiconductor Corp.	c:\windows\soundman.exe
+ SSBkgdUpdate	SSBkgdUpdate	Nuance Communications, Inc.	c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe
+ SunJavaUpdateSched	Java(TM) Platform SE binary	Sun Microsystems, Inc.	c:\program files\java\jre6\bin\jusched.exe
+ Thunder		Thunder Networking Technologies,LTD	c:\program files\thunder network\thunder\thunder.exe
+ UUSEE	MediaCenter		c:\program files\common files\uusee\uuseemediacenter.exe
+ Ð5Æ:QuH	Ð5Æ:QuH	Sohu.com Inc.	c:\program files\sohutv_web\systrayicon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup			
+ APC UPS Status.lnk	Startup notification module	American Power Conversion Corporation	c:\program files\apc\apc powerchute personal edition\display.exe
+ HANWANG Shell.lnk			c:\superpen_soft_pro\hwshell.exe
+ T&Mouse.lnk			c:\hwsoft\tmouse\hwpen10.exe
+ 7LÑqÍ8\H.lnk	Kingsoft PowerWord Lite	Kingsoft Corporation	c:\program files\kingsoft\powerword lite\xdict.exe
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup			
+ 1-Calc.lnk	Omega One 1-Calc	Implicit Software Solutions www.implicitsoftware.com	c:\program files\omega one\1-calc\1calc.exe
+ Yahoo! Widgets.lnk	Yahoo! Widgets	Yahoo! Inc.	c:\program files\yahoo!\widgets\yahoowidgets.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run			
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}	Nero Home	Nero AG	c:\program files\common files\ahead\lib\nmbgmonitor.exe
+ ctfmon.exe	CTF Loader	Microsoft Corporation	c:\windows\system32\ctfmon.exe
+ H/PC Connection Agent	ActiveSync Connection Manager	Microsoft Corporation	c:\program files\microsoft activesync\wcescomm.exe
+ MsnMsgr	Windows Live Messenger	Microsoft Corporation	c:\program files\windows live\messenger\msnmsgr.exe
+ swg	GoogleToolbarNotifier	Google Inc.	c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKLM\SOFTWARE\Classes\Protocols\Filter			
+ application/octet-stream	Microsoft .NET Runtime Execution Engine	Microsoft Corporation	c:\windows\system32\mscoree.dll
+ application/x-complus	Microsoft .NET Runtime Execution Engine	Microsoft Corporation	c:\windows\system32\mscoree.dll
+ application/x-msdownload	Microsoft .NET Runtime Execution Engine	Microsoft Corporation	c:\windows\system32\mscoree.dll
+ Class Install Handler	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ deflate	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ gzip	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ lzdhtml	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ text/webviewhtml	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ text/xml	Microsoft Office XML MIME Filter	Microsoft Corporation	c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
HKLM\SOFTWARE\Classes\Protocols\Handler			
+ about	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ cdl	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ dvd	ActiveX control for streaming video	Microsoft Corporation	c:\windows\system32\msvidctl.dll
+ file	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ ftp	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ gopher	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ http	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ https	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ its	Microsoft? InfoTech Storage System Library	Microsoft Corporation	c:\windows\system32\itss.dll
+ javascript	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ lid	ActiveX control for streaming video	Microsoft Corporation	c:\windows\system32\msvidctl.dll
+ livecall	Windows Live Messenger Protocol Handler	Microsoft Corporation	c:\program files\windows live\messenger\msgrapp.8.5.1302.1018.dll
+ local	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ mailto	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ mhtml	Microsoft Internet Messaging API	Microsoft Corporation	c:\windows\system32\inetcomm.dll
+ mk	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ ms-its	Microsoft® InfoTech Storage System Library	Microsoft Corporation	c:\windows\system32\itss.dll
+ ms-itss	Microsoft® InfoTech Storage System Library	Microsoft Corporation	c:\program files\common files\microsoft shared\information retrieval\msitss.dll
+ msnim	Windows Live Messenger Protocol Handler	Microsoft Corporation	c:\program files\windows live\messenger\msgrapp.8.5.1302.1018.dll
+ mso-offdap11	Microsoft Office Web Components 2003	Microsoft Corporation	c:\program files\common files\microsoft shared\web components\11\owc11.dll
+ res	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ sysimage	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ tv	ActiveX control for streaming video	Microsoft Corporation	c:\windows\system32\msvidctl.dll
+ vbscript	Microsoft (R) HTML Viewer	Microsoft Corporation	c:\windows\system32\mshtml.dll
+ wia	WIA Scripting Layer	Microsoft Corporation	c:\windows\system32\wiascr.dll
+ wlmailhtml	Microsoft Internet Messaging API Resources	Microsoft Corporation	c:\program files\windows live\mail\mailcomm.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components			
+ 0			File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components			
+ Address Book 6	Outlook Express Setup Library	Microsoft Corporation	c:\program files\outlook express\setup50.exe
+ Browser Customizations	IEAK branding	Microsoft Corporation	c:\windows\system32\iedkcs32.dll
+ Fax	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
+ IE7 Uninstall Stub	IE Per User Active Setup Uninstall Utility	Microsoft Corporation	c:\windows\system32\ieudinit.exe
+ Internet Explorer	Windows NT User Data Migration Tool	Microsoft Corporation	c:\windows\system32\shmgrate.exe
+ Internet Explorer	IE Per-User Initialization Utility	Microsoft Corporation	c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6	Outlook Express Setup Library	Microsoft Corporation	c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player	Microsoft Windows Media Player Setup Utility	Microsoft Corporation	c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
+ n/a	Microsoft .NET IE SECURITY REGISTRATION	Microsoft Corporation	c:\windows\system32\mscories.dll
+ NetMeeting 3.01	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
+ Outlook Express	Windows NT User Data Migration Tool	Microsoft Corporation	c:\windows\system32\shmgrate.exe
+ Themes Setup	Microsoft(C) Register Server	Microsoft Corporation	c:\windows\system32\regsvr32.exe
+ Windows Desktop Update	Microsoft(C) Register Server	Microsoft Corporation	c:\windows\system32\regsvr32.exe
+ Windows Messenger 4.7	ADVPACK	Microsoft Corporation	c:\windows\system32\advpack.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler			
+ Browseui preloader	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Component Categories cache daemon	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad			
+ CDBurn	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ PostBootReminder	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ SysTray	Systray shell service object	Microsoft Corporation	c:\windows\system32\stobject.dll
+ WebCheck	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WPDShServiceObj	Windows Portable Device Shell Service Object	Microsoft Corporation	c:\windows\system32\wpdshserviceobj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks			
+ URL Exec Hook	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers			
+ Adobe.Acrobat.ContextMenu	Adobe Acrobat Context Menu	Adobe Systems Inc.	c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ BUContextMenu	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
+ ContMenu			c:\windows\system32\contmenu.dll
+ Cover Designer	Cover Designer	Nero AG	c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll
+ NamipanExt			c:\program files\namirobot\data\namipanext1.dll
+ NBShellHook Class	Nero BackItUp	Nero AG	c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ Offline Files	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ Open With	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ Open With EncryptionMenu	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ RExpCtxU	RExpCtx DLL		c:\program files\resco\pocket encryption\rexpctxu.dll
+ Start Menu Pin	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ TPContextMenu	TP Shell Extension	Symantec Corporation	c:\program files\norton 360\tpshell.dll
+ WinRAR			c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers			
+ Send To	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers			
+ EncryptionMenu	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ Offline Files	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ RExpCtxU	RExpCtx DLL		c:\program files\resco\pocket encryption\rexpctxu.dll
+ Sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
+ WinRAR			c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers			
+ WinRAR			c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers			
+ DfsShell Class	Distributed File System shell extension	Microsoft Corporation	c:\windows\system32\dfsshlex.dll
+ Folder Customization Tab	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ Previous Versions Property Page	Previous Versions property page	Microsoft Corporation	c:\windows\system32\twext.dll
+ Security Shell Extension	Security Shell Extension	Microsoft Corporation	c:\windows\system32\rshx32.dll
+ Sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers			
+ CDF	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ FileSystem	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ MyDocuments	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ Sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers			
+ NeroDigitalColumnHandler Class	Nero Digital Shell Extension	Nero AG	c:\program files\common files\ahead\lib\nerodigitalext.dll
+ PDF Shell Extension	PDF Shell Extension	Adobe Systems, Inc.	c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF}	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF}	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE}	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers			
+ Adobe.Acrobat.ContextMenu	Adobe Acrobat Context Menu	Adobe Systems Inc.	c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ BUContextMenu	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
+ ContMenu			c:\windows\system32\contmenu.dll
+ NBShellHook Class	Nero BackItUp	Nero AG	c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ TPContextMenu	TP Shell Extension	Symantec Corporation	c:\program files\norton 360\tpshell.dll
+ WinRAR			c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers			
+ igfxcui	igfxpph Module	Intel Corporation	c:\windows\system32\igfxpph.dll
+ New	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers			
+ Offline Files	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ OverlayExcluded	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
+ OverlayPending	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
+ OverlayProtected	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved			
+ %DESC_PublishDropTarget%	Photo Printing Wizard	Microsoft Corporation	c:\windows\system32\photowiz.dll
+ &Address	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ &Links	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ .CAB file viewer	Cabinet File Viewer Shell Extension	Microsoft Corporation	c:\windows\system32\cabview.dll
+ Accessible	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ ActiveX Cache Folder	Object Control Viewer	Microsoft Corporation	c:\windows\system32\occache.dll
+ Address EditBox	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Administrative Tools	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Adobe.Acrobat.ContextMenu	Adobe Acrobat Context Menu	Adobe Systems Inc.	c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ Audio Media Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Augmented Shell Folder	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Augmented Shell Folder 2	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension	Automatic Updates Control Panel	Microsoft Corporation	c:\windows\system32\wuaucpl.cpl
+ Avi Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ BandProxy	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Briefcase	Windows Briefcase	Microsoft Corporation	c:\windows\system32\syncui.dll
+ CDF Extension Copy Hook	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Channel File	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Handler Object	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Menu	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Properties	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Channel Shortcut	Channel Definition File Viewer	Microsoft Corporation	c:\windows\system32\cdfview.dll
+ Code Download Agent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Compatibility Page	Compatibility Tab Shell Extension DLL	Microsoft Corporation	c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target	Compressed (zipped) Folders	Microsoft Corporation	c:\windows\system32\zipfldr.dll
+ ConnectionAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Crypto PKO Extension	Crypto Shell Extensions	Microsoft Corporation	c:\windows\system32\cryptext.dll
+ Crypto Sign Extension	Crypto Shell Extensions	Microsoft Corporation	c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Darwin App Publisher	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ DfsShell	Distributed File System shell extension	Microsoft Corporation	c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs	Directory Service Common UI	Microsoft Corporation	c:\windows\system32\dsuiext.dll
+ Directory Object Find	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Directory Property UI	Directory Service Common UI	Microsoft Corporation	c:\windows\system32\dsuiext.dll
+ Directory Query UI	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Directory Start/Search Find	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Disk Copy Extension	Windows DiskCopy	Microsoft Corporation	c:\windows\system32\diskcopy.dll
+ Disk Quota UI	Windows Shell Disk Quota UI DLL	Microsoft Corporation	c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension	Advanced display adapter properties	Microsoft Corporation	c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension	Advanced display monitor properties	Microsoft Corporation	c:\windows\system32\deskmon.dll
+ Display TroubleShoot CPL Extension	Advanced display performance properties	Microsoft Corporation	c:\windows\system32\deskperf.dll
+ Download Status	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ DS Security Page	Directory Service Security UI	Microsoft Corporation	c:\windows\system32\dssec.dll
+ E-mail	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Explorer Band	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Extensions Manager Folder	Extensions Manager	Microsoft Corporation	c:\windows\system32\extmgr.dll
+ Favorites Band	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Fonts	Windows Font Folder	Microsoft Corporation	c:\windows\system32\fontext.dll
+ Fonts	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ For &People...	Find People	Microsoft Corporation	c:\program files\outlook express\wabfind.dll
+ FTP Folders Webview	Microsoft Internet Explorer FTP Folder Shell Extension	Microsoft Corporation	c:\windows\system32\msieftp.dll
+ Fusion Cache	Microsoft .NET Runtime Execution Engine	Microsoft Corporation	c:\windows\system32\mscoree.dll
+ GDI+ file thumbnail extractor	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Get a Passport Wizard	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Global Folder Settings	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Help and Support	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Help and Support	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ History	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ HTML Thumbnail Extractor	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext	HyperTerminal Applet Library	Hilgraeve, Inc.	c:\windows\system32\hticons.dll
+ ICC Profile	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Monitor Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Printer Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ ICM Scanner Management	Microsoft Color Matching System User Interface DLL	Microsoft Corporation	c:\windows\system32\icmui.dll
+ IE AutoComplete	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE BandProxy	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Custom MRU AutoCompleted List	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Fade Task	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE IShellFolderBand	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Menu Band	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Menu Desk Bar	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Menu Site	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Microsoft BrowserBand	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Microsoft History AutoComplete List	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Microsoft Multiple AutoComplete List Container	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Microsoft Shell Folder AutoComplete List	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE MRU AutoComplete List	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Navigation Bar	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Registry Tree Options Utility	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE RSS Feeder Folder	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Search Band	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Shell Band Site Menu	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Shell Rebar BandSite	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE Tracking Shell Menu	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE User Assist	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ IE4 Suite Splash Screen	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ In-pane search	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Installed Apps Enumerator	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ IntelliPoint Activities Control Panel Property Page	ipcplact.dll	Microsoft Corporation	c:\program files\microsoft intellipoint\ipcplact.dll
+ IntelliPoint Buttons Control Panel Property Page	ipcplbtn.dll	Microsoft Corporation	c:\program files\microsoft intellipoint\ipcplbtn.dll
+ IntelliPoint Wheel Control Panel Property Page	ipcplwhl.dll	Microsoft Corporation	c:\program files\microsoft intellipoint\ipcplwhl.dll
+ IntelliPoint Wireless Control Panel Property Page	ipcplwir.dll	Microsoft Corporation	c:\program files\microsoft intellipoint\ipcplwir.dll
+ IntelliType Pro Key Settings Control Panel Property Page	itcplkey.dll	Microsoft Corporation	c:\program files\microsoft intellitype pro\itcplkey.dll
+ IntelliType Pro Scrolling Control Panel Property Page	itcplwhl	Microsoft Corporation	c:\program files\microsoft intellitype pro\itcplwhl.dll
+ IntelliType Pro Touchpad Control Property Page	itcpltp.dll	Microsoft Corporation	c:\program files\microsoft intellitype pro\itcpltp.dll
+ IntelliType Pro Wireless Control Panel Property Page	itcplwir	Microsoft Corporation	c:\program files\microsoft intellitype pro\itcplwir.dll
+ IntelliType Pro Zooming Control Panel Property Page	itcplzm.dll	Microsoft Corporation	c:\program files\microsoft intellitype pro\itcplzm.dll
+ Internet	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Internet Name Space	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ InternetShortcut	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ ISFBand OC	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ iTunes	iTunes Mini Player DLL	Apple Inc.	c:\program files\itunes\itunesminiplayer.dll
+ Messenger Sharing Folders	Messenger File Sharing Shell Extensions	Microsoft Corporation	c:\program files\windows live\messenger\fsshext.8.5.1302.1018.dll
+ Microsoft Agent Character Property Sheet Handler	Microsoft Agent Property Sheet Handler	Microsoft Corporation	c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Microsoft Browser Architecture	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Microsoft BrowserBand	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Data Link	Microsoft Data Access - OLE DB Core Services	Microsoft Corporation	c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext	Microsoft DocProp Shell Ext	Microsoft Corporation	c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler	Microsoft Office 2003 component	Microsoft Corporation	c:\program files\microsoft office\office11\msohev.dll
+ Microsoft Office Metadata Handler	Microsoft Office Shell Extension Handlers	Microsoft Corporation	c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Office Outlook Custom Icon Handler	Outlook Shell Hook for Start/Find	Microsoft Corporation	c:\program files\microsoft office\office11\olkfstub.dll
+ Microsoft Office Outlook Desktop Icon Handler	Microsoft Shell Extension Library	Microsoft Corporation	c:\program files\microsoft office\office11\mlshext.dll
+ Microsoft Office Thumbnail Handler	Microsoft Office Shell Extension Handlers	Microsoft Corporation	c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Shell Folder AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Microsoft Url History Service	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Midi Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ MMC Icon Handler	MMC Shell Extension DLL	Microsoft Corporation	c:\windows\system32\mmcshext.dll
+ Mobile Device	Mobile Devices Shell Extension	Microsoft Corporation	c:\program files\microsoft activesync\wcesview.dll
+ MRU AutoComplete List	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ MSNShell			c:\windows\system32\contmenu.dll
+ Multimedia File Property Sheet	Control Panel Drivers Applet	Microsoft Corporation	c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ MyDocs Drop Target	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ MyDocs Properties	My Documents Folder UI	Microsoft Corporation	c:\windows\system32\mydocs.dll
+ NeroCoverEd Live Icons	Cover Designer	Nero AG	c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll
+ NeroDigitalIconHandler	Nero Digital Shell Extension	Nero AG	c:\program files\common files\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler	Nero Digital Shell Extension	Nero AG	c:\program files\common files\ahead\lib\nerodigitalext.dll
+ Network Connections	Network Connections Shell	Microsoft Corporation	c:\windows\system32\netshell.dll
+ Network Connections	Network Connections Shell	Microsoft Corporation	c:\windows\system32\netshell.dll
+ NTFS Security Page	Security Shell Extension	Microsoft Corporation	c:\windows\system32\rshx32.dll
+ Offline Files Folder	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ Offline Files Folder Options	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ Offline Files Menu	Client Side Caching UI	Microsoft Corporation	c:\windows\system32\cscui.dll
+ OLE Docfile Property Page	OLE DocFile Property Page	Microsoft Corporation	c:\windows\system32\docprop.dll
+ PlusPack CPL Extension	Windows Theme API	Microsoft Corporation	c:\windows\system32\themeui.dll
+ Portable Devices	Portable Devices Shell Extension	Microsoft Corporation	c:\windows\system32\wpdshext.dll
+ Portable Devices Menu	Portable Devices Shell Extension	Microsoft Corporation	c:\windows\system32\wpdshext.dll
+ Portable Media Devices	Portable Media Devices Shell Extension	Microsoft Corporation	c:\windows\system32\audiodev.dll
+ PostAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Previous Versions	Previous Versions property page	Microsoft Corporation	c:\windows\system32\twext.dll
+ Previous Versions Property Page	Previous Versions property page	Microsoft Corporation	c:\windows\system32\twext.dll
+ Print Ordering via the Web	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Printers Security Page	Security Shell Extension	Microsoft Corporation	c:\windows\system32\rshx32.dll
+ Registry Tree Options Utility	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension	Remote Sessions CPL Extension	Microsoft Corporation	c:\windows\system32\remotepg.dll
+ RExpCtxU	RExpCtx DLL		c:\program files\resco\pocket encryption\rexpctxu.dll
+ Run...	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ SampleView	ShellvRTF	XSS	c:\windows\system32\shellvrtf.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scanners & Cameras	Imaging Devices Shell Folder UI	Microsoft Corporation	c:\windows\system32\wiashext.dll
+ Scheduled Tasks	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Search	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Search Assistant OC	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Sendmail service	Send Mail	Microsoft Corporation	c:\windows\system32\sendmail.dll
+ Sendmail service	Send Mail	Microsoft Corporation	c:\windows\system32\sendmail.dll
+ Set Program Access and Defaults	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Shell Application Manager	Shell Application Manager	Microsoft Corporation	c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service	Shell Doc Object and Control Library	Microsoft Corporation	c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DeskBar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DeskBarApp	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell DocObject Viewer	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Shell extension for Norton backup	Backup Shell	Symantec Corporation	c:\program files\common files\symantec shared\backup\bushell.dll
+ Shell extension for NTP	TP Shell Extension	Symantec Corporation	c:\program files\norton 360\tpshell.dll
+ Shell extensions for Microsoft Windows Network objects	Network object shell UI	Microsoft Corporation	c:\windows\system32\ntlanui2.dll
+ Shell extensions for sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing	Shell extensions for sharing	Microsoft Corporation	c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host	Microsoft (R) Shell Extension for Windows Script Host	Microsoft Corporation	c:\windows\system32\wshext.dll
+ Shell Icon Handler for Application References	Application Deployment Support Library	Microsoft Corporation	c:\windows\system32\dfshim.dll
+ Shell Image Data Factory	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell Image Verbs	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object	Directory Service Find	Microsoft Corporation	c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler	Shell scrap object handler	Microsoft Corporation	c:\windows\system32\shscrap.dll
+ Shell Search Band	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ ShellLink for Application References	Application Deployment Support Library	Microsoft Corporation	c:\windows\system32\dfshim.dll
+ Subscription Folder	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Subscription Mgr	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES)	Windows Picture and Fax Viewer	Microsoft Corporation	c:\windows\system32\shimgvw.dll
+ Taskbar and Start Menu	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension	Task Scheduler interface DLL	Microsoft Corporation	c:\windows\system32\mstask.dll
+ Temporary Internet Files	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Temporary Internet Files	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ The Internet	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
+ Track Popup Bar	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ TrayAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ TridentImageExtractor	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ User Accounts	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ User Assist	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ Video Media Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Wav Properties Handler	Media File Property Extractor Shell Extension	Microsoft Corporation	c:\windows\system32\shmedia.dll
+ Web Folders	Microsoft Web Folders	Microsoft Corporation	c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ Web Printer Shell Extension	Print UI DLL	Microsoft Corporation	c:\windows\system32\printui.dll
+ Web Publishing Wizard	Map Network Drives/Network Places Wizard	Microsoft Corporation	c:\windows\system32\netplwiz.dll
+ Web Search	Shell Browser UI Library	Microsoft Corporation	c:\windows\system32\browseui.dll
+ WebCheck	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler	Web Site Monitor	Microsoft Corporation	c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler	Windows Media Player Launcher	Microsoft Corporation	c:\windows\system32\wmpshell.dll
+ WinRAR shell extension			c:\program files\winrar\rarext.dll
+ WLMD Message Handler	Microsoft Internet Messaging API Resources	Microsoft Corporation	c:\program files\windows live\mail\mailcomm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects			
+ Adobe PDF Conversion Toolbar Helper	Adobe PDF Toolbar for Internet Explorer	Adobe Systems Incorporated	c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ Adobe PDF Reader Link Helper	Adobe PDF Helper for Internet Explorer	Adobe Systems Incorporated	c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ BandIE Class			File not found: C:\PROGRA~1\baidu\bar\baidubar.dll
+ CBBrowerBuddy Class	Kingsoft PowerWord	Copyright (c) Kingsoft Corporation Limited. All rights reserved.	c:\program files\kingsoft\powerword lite\cbeband.dll
+ Google Toolbar Helper	Google IE Client Toolbar	Google Inc.	c:\program files\google\googletoolbar1.dll
+ Google Toolbar Notifier BHO	GoogleToolbarNotifier	Google Inc.	c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
+ Java(tm) Plug-In 2 SSV Helper	Java(TM) Platform SE binary	Sun Microsystems, Inc.	c:\program files\java\jre6\bin\jp2ssv.dll
+ Java(tm) Plug-In SSV Helper	Java(TM) Platform SE binary	Sun Microsystems, Inc.	c:\program files\java\jre6\bin\ssv.dll
+ JQSIEStartDetectorImpl Class	Java(TM) Quick Starter binary	Sun Microsystems, Inc.	c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
+ Symantec Intrusion Prevention	IPS Browser Helper DLL	Symantec Corporation	c:\program files\common files\symantec shared\ids\ipsbho.dll
+ Thunder Browser Helper	XunLeiBHO	Thunder Networking Technologies,LTD	c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
+ ThunderAtOnce Class	Å÷OÈhاy'/!W	Thunder Networking Technologies,LTD	c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
+ Windows Live Toolbar Helper	Windows Live Toolbar for Internet Explorer	Microsoft Corporation	c:\program files\windows live toolbar\msntb.dll
+ Windows Live {U.©	WindowsLiveLogin.dll	Microsoft Corporation	c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
+ {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}	coIEPlugIn	Symantec Corporation	c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks			
+ Microsoft Url Search Hook	Internet Explorer	Microsoft Corporation	c:\windows\system32\ieframe.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar			
+ &Google	Google IE Client Toolbar	Google Inc.	c:\program files\google\googletoolbar1.dll
+ Adobe PDF	Adobe PDF Toolbar for Internet Explorer	Adobe Systems Incorporated	c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ NCO Toolbar 2.0	coIEPlugIn	Symantec Corporation	c:\program files\common files\symantec shared\coshared\browser\2.6\coieplg.dll
+ Windows Live Toolbar	Windows Live Toolbar for Internet Explorer	Microsoft Corporation	c:\program files\windows live toolbar\msntb.dll
+ ~¦åw			File not found: C:\PROGRA~1\baidu\bar\baidubar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions			
+ Diagnose Connection Problems...	Network Diagnostic for Windows XP	Microsoft Corporation	c:\windows\network diagnostic\xpnetdiag.exe
+ Windows Messenger	Windows Messenger	Microsoft Corporation	c:\program files\messenger\msmsgs.exe
+ ˆëÆ‘"			File not found: http://www.henkuai.com/?from=iebannel
+ /¨UUSee QÜ5Æ	UUPlayer		c:\program files\uusee\uuseeplayer.exe
+ /¨Å÷5		Thunder Networking Technologies,LTD	c:\program files\thunder network\thunder\thunder.exe
Task Scheduler			
+ AppleSoftwareUpdate.job	Apple Software Update	Apple Inc.	c:\program files\apple software update\softwareupdate.exe
+ å Windows Live Toolbar ô°.job	MSN Search Toolbar Scheduled Update Utility	Microsoft Corporation	c:\program files\windows live toolbar\msntbup.exe
HKLM\System\CurrentControlSet\Services			
+ APC UPS Service	Battery backup management service	American Power Conversion Corporation	c:\program files\apc\apc powerchute personal edition\mainserv.exe
+ Apple Mobile Device	Ù Apple û¨¾Л¥ã	Apple Inc.	c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ AudioSrv	Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\audiosrv.dll
+ Automatic LiveUpdate Scheduler	¡ùê¨ LiveUpdate Ý„¦	Symantec Corporation	c:\program files\symantec\liveupdate\aluschedulersvc.exe
+ Bonjour Service		Apple Inc.	c:\program files\bonjour\mdnsresponder.exe
+ ccEvtMgr		Symantec Corporation	c:\program files\common files\symantec shared\ccsvchst.exe
+ ccosm	Contrl Center of Storm Media	¬´ÎQEÑ€	Plø	c:\program files\stormii\stormliv.exe
+ ccSetMgr		Symantec Corporation	c:\program files\common files\symantec shared\ccsvchst.exe
+ CLTNetCnService	Symantec Lic NetConnect Service	Symantec Corporation	c:\program files\common files\symantec shared\ccsvchst.exe
+ CryptSvc	Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\cryptsvc.dll
+ DcomLaunch	Provides launch functionality for DCOM services.	Microsoft Corporation	c:\windows\system32\rpcss.dll
+ Dhcp	Manages network configuration by registering and updating IP addresses and DNS names.	Microsoft Corporation	c:\windows\system32\dhcpcsvc.dll
+ Dnscache	Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\dnsrslvr.dll
+ ERSvc	Allows error reporting for services and applictions running in non-standard environments.	Microsoft Corporation	c:\windows\system32\ersvc.dll
+ Eventlog	Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.	Microsoft Corporation	c:\windows\system32\services.exe
+ gusvc	gusvc	Google	c:\program files\google\common\google updater\googleupdaterservice.exe
+ helpsvc	Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ HidServ	Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\hidserv.dll
+ HWSuperPowerTablet	I‹Ñ€ …ý V2.1	HanWang	c:\windows\system32\jwpen.exe
+ JavaQuickStarterService	Prefetches JRE files for faster startup of Java applets and applications	Sun Microsystems, Inc.	c:\program files\java\jre6\bin\jqs.exe
+ lanmanworkstation	Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\wkssvc.dll
+ LiveUpdate Notice	Manages Norton product notices	Symantec Corporation	c:\program files\common files\symantec shared\ccsvchst.exe
+ LmHosts	Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.	Microsoft Corporation	c:\windows\system32\lmhsvc.dll
+ MDM	Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.	Microsoft Corporation	c:\program files\common files\microsoft shared\vs7debug\mdm.exe
+ Messenger	Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\msgsvc.dll
+ PLFlash DeviceIoControl Service	PLFlash DeviceIoControl Service	Prolific Technology Inc.	c:\windows\system32\ioctlsvc.exe
+ PlugPlay	Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.	Microsoft Corporation	c:\windows\system32\services.exe
+ PolicyAgent	Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ ProtectedStorage	Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ RpcSs	Provides the endpoint mapper and other miscellaneous RPC services.	Microsoft Corporation	c:\windows\system32\rpcss.dll
+ SamSs	Stores security information for local user accounts.	Microsoft Corporation	c:\windows\system32\lsass.exe
+ SCardSvr	Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\scardsvr.exe
+ Schedule	Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\schedsvc.dll
+ sdAuxService	Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced.	PC Tools	c:\program files\spyware doctor\pctsauxs.exe
+ sdCoreService	Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled.	PC Tools	c:\program files\spyware doctor\pctssvc.exe
+ SDJB Manager	sdjbmgr	~ûh#m*>	c:\program files\panasonic\sd-jukeboxv3\sdjbmgr.exe
+ SDPASVC	SDPAUMS server service.	 Matsushita Electric Industrial Co.,Ltd.	c:\windows\system32\sdpasvc.exe
+ seclogon	Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\seclogon.dll
+ SENS	Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.	Microsoft Corporation	c:\windows\system32\sens.dll
+ SharedAccess	Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.	Microsoft Corporation	c:\windows\system32\ipnathlp.dll
+ ShellHWDetection	Provides notifications for AutoPlay hardware events.	Microsoft Corporation	c:\windows\system32\shsvcs.dll
+ Spooler	Loads files to memory for later printing.	Microsoft Corporation	c:\windows\system32\spoolsv.exe
+ srservice	Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties	Microsoft Corporation	c:\windows\system32\srsvc.dll
+ stisvc	Provides image acquisition services for scanners and cameras.	Microsoft Corporation	c:\windows\system32\wiaservc.dll
+ Themes	Provides user experience theme management.	Microsoft Corporation	c:\windows\system32\shsvcs.dll
+ TrkWks	Maintains links between NTFS files within a computer or across computers in a network domain.	Microsoft Corporation	c:\windows\system32\trkwks.dll
+ W32Time	Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\w32time.dll
+ WebClient	Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\webclnt.dll
+ winmgmt	Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\wbem\wmisvc.dll
+ wscsvc	Monitors system security settings and configurations.	Microsoft Corporation	c:\windows\system32\wscsvc.dll
+ wuauserv	Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.	Microsoft Corporation	c:\windows\system32\wuauserv.dll
+ WZCSVC	Provides automatic configuration for the 802.11 adapters	Microsoft Corporation	c:\windows\system32\wzcsvc.dll
HKLM\System\CurrentControlSet\Services			
+ ACPI	ACPI Driver for NT	Microsoft Corporation	c:\windows\system32\drivers\acpi.sys
+ aec	Microsoft Acoustic Echo Canceller	Microsoft Corporation	c:\windows\system32\drivers\aec.sys
+ AFD	AFD Networking Support Environment	Microsoft Corporation	c:\windows\system32\drivers\afd.sys
+ AgereSoftModem	SoftModem Device Driver	Agere Systems	c:\windows\system32\drivers\agrsm.sys
+ ALCXWDM	Realtek AC'97 Audio Driver (WDM)	Realtek Semiconductor Corp.	c:\windows\system32\drivers\alcxwdm.sys
+ Alidevice	Windows NT alipay kernel module	alipay.com	c:\windows\system32\drivers\alidevice.sys
+ ALIEHCD	ULi Ehci Host Controller Driver	ULi Corporation	c:\windows\system32\drivers\aliehci.sys
+ aligp	ULi Composite Device Driver	ULi Corporation	c:\windows\system32\drivers\aligp.sys
+ aliroothub	ULi Roothub Driver for USB2.0	ULi Corporation	c:\windows\system32\drivers\alirthub.sys
+ AmdK7	Processor Device Driver	Microsoft Corporation	c:\windows\system32\drivers\amdk7.sys
+ Arp1394	1394 ARP Client Protocol	Microsoft Corporation	c:\windows\system32\drivers\arp1394.sys
+ Aspi32	ASPI for WIN32 Kernel Driver	Adaptec	c:\windows\system32\drivers\aspi32.sys
+ AsyncMac	RAS Asynchronous Media Driver	Microsoft Corporation	c:\windows\system32\drivers\asyncmac.sys
+ atapi	IDE/ATAPI Port Driver	Microsoft Corporation	c:\windows\system32\drivers\atapi.sys
+ Atmarpc	ATM ARP Client Protocol	Microsoft Corporation	c:\windows\system32\drivers\atmarpc.sys
+ audstub	AudStub Driver	Microsoft Corporation	c:\windows\system32\drivers\audstub.sys
+ Beep	BEEP Driver	Microsoft Corporation	c:\windows\system32\drivers\beep.sys
+ bjjkiu18			File not found: System32\DRIVERS\bjjkiu18.sys
+ BrScnUsb	Brother USB Scanner Driver	Brother Industries Ltd.	c:\windows\system32\drivers\brscnusb.sys
+ BrSerIf	Brotehr Serial I/F Driver (WDM)	Brother Industries Ltd.	c:\windows\system32\drivers\brserif.sys
+ BrUsbSer	Brother USB Serial Driver	Brother Industries Ltd.	c:\windows\system32\drivers\brusbser.sys
+ bxxgyq07			File not found: System32\DRIVERS\bxxgyq07.sys
+ CCDECODE	WDM Closed Caption VBI Codec	Microsoft Corporation	c:\windows\system32\drivers\ccdecode.sys
+ Cdaudio	CD-ROM Audio Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\cdaudio.sys
+ Cdrom	SCSI CD-ROM Driver	Microsoft Corporation	c:\windows\system32\drivers\cdrom.sys
+ Changer			File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CO_Mon	Behavior Blocker v2007.1 WDM driver (2007.1.1.99)	Symantec Corporation	c:\windows\system32\drivers\co_mon.sys
+ COH_Mon	Confidence Online v6.1 WDM driver (6,1,4,10)	Symantec Corporation	c:\windows\system32\drivers\coh_mon.sys
+ Compbatt	Composite Battery Driver	Microsoft Corporation	c:\windows\system32\drivers\compbatt.sys
+ CYGF32X	CygF32x_USB.sys	Cygnal Integrated Products	c:\windows\system32\drivers\cygf32x.sys
+ dblapdrv			c:\windows\system32\drivers\dblapdrv.sys
+ Disk	PnP Disk Driver	Microsoft Corporation	c:\windows\system32\drivers\disk.sys
+ DMusic	Microsoft Kernel DLS Synthesizer	Microsoft Corporation	c:\windows\system32\drivers\dmusic.sys
+ drmkaud	Microsoft Kernel DRM Audio Descrambler Filter	Microsoft Corporation	c:\windows\system32\drivers\drmkaud.sys
+ eeCtrl	Symantec Eraser Control Driver	Symantec Corporation	c:\program files\common files\symantec shared\eengine\eectrl.sys
+ EraserUtilRebootDrv	Symantec Eraser Utility Driver	Symantec Corporation	c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys
+ Faireir			c:\windows\system32\drivers\faireir.sys
+ fasttx2k	Promise FastTrak Series Driver for WindowsXP	Promise Technology, Inc.	c:\windows\system32\drivers\fasttx2k.sys
+ Fdc	Floppy Disk Controller Driver	Microsoft Corporation	c:\windows\system32\drivers\fdc.sys
+ Fips	FIPS Crypto Driver	Microsoft Corporation	c:\windows\system32\drivers\fips.sys
+ Flpydisk	Floppy Driver	Microsoft Corporation	c:\windows\system32\drivers\flpydisk.sys
+ FltMgr	File System Filter Manager Driver	Microsoft Corporation	c:\windows\system32\drivers\fltmgr.sys
+ FsVga	Full Screen Video Driver	Microsoft Corporation	c:\windows\system32\drivers\fsvga.sys
+ Ftdisk	FT Disk Driver	Microsoft Corporation	c:\windows\system32\drivers\ftdisk.sys
+ GEARAspiWDM	CD DVD Filter	GEAR Software Inc.	c:\windows\system32\drivers\gearaspiwdm.sys
+ GKeyUSB	USB Key Smart Card Reader Driver	Gemplus	c:\windows\system32\drivers\gkeyusb.sys
+ Gpc	Generic Packet Classifier	Microsoft Corporation	c:\windows\system32\drivers\msgpc.sys
+ HDAudBus	High Definition Audio Bus Driver v1.0a	Windows (R) Server 2003 DDK provider	c:\windows\system32\drivers\hdaudbus.sys
+ HidBatt	Hid Battery Driver	Microsoft Corporation	c:\windows\system32\drivers\hidbatt.sys
+ HidUsb	USB Miniport Driver for Input Devices	Microsoft Corporation	c:\windows\system32\drivers\hidusb.sys
+ HTTP	This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.	Microsoft Corporation	c:\windows\system32\drivers\http.sys
+ HYCtl	Wdm1	PHD Computer Consultants Ltd	c:\windows\system32\drivers\hyctl.sys
+ hypen			c:\windows\system32\drivers\hypen.sys
+ i2omgmt			File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ i8042prt	i8042 Port Driver	Microsoft Corporation	c:\windows\system32\drivers\i8042prt.sys
+ ialm	Intel Graphics Miniport Driver	Intel Corporation	c:\windows\system32\drivers\igxpmp32.sys
+ IKFileSec	File Security Device Driver	PCTools Research Pty Ltd.	c:\windows\system32\drivers\ikfilesec.sys
+ IKSysFlt	System Filter Device Driver	PCTools Research Pty Ltd.	c:\windows\system32\drivers\iksysflt.sys
+ IKSysSec	System Security Device Driver	PCTools Research Pty Ltd.	c:\windows\system32\drivers\iksyssec.sys
+ Imapi	IMAPI Kernel Driver	Microsoft Corporation	c:\windows\system32\drivers\imapi.sys
+ IntcAzAudAddService	Realtek(r) High Definition Audio Function Driver	Realtek Semiconductor Corp.	c:\windows\system32\drivers\rtkhdaud.sys
+ IntelIde	Intel PCI IDE Driver	Microsoft Corporation	c:\windows\system32\drivers\intelide.sys
+ intelppm	Processor Device Driver	Microsoft Corporation	c:\windows\system32\drivers\intelppm.sys
+ Ip6Fw	Provides intrusion prevention service for a home or small office network.	Microsoft Corporation	c:\windows\system32\drivers\ip6fw.sys
+ ipdbldrv			File not found: System32\DRIVERS\ipdbldrv.sys
+ IPFilter	Microsoft IntelliPoint	Microsoft Corporation	c:\windows\system32\drivers\ipfilter.sys
+ IpFilterDriver	IP Traffic Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp	IP in IP Tunnel Driver	Microsoft Corporation	c:\windows\system32\drivers\ipinip.sys
+ IpNat	IP Network Address Translator	Microsoft Corporation	c:\windows\system32\drivers\ipnat.sys
+ IPSec	IPSEC driver	Microsoft Corporation	c:\windows\system32\drivers\ipsec.sys
+ IRENUM	Infra-Red Bus Enumerator	Microsoft Corporation	c:\windows\system32\drivers\irenum.sys
+ isapnp	PNP ISA Bus Driver	Microsoft Corporation	c:\windows\system32\drivers\isapnp.sys
+ Iviaspi	InterVideo ASPI Shell	InterVideo, Inc.	c:\windows\system32\drivers\iviaspi.sys
+ Kbdclass	Keyboard Class Driver	Microsoft Corporation	c:\windows\system32\drivers\kbdclass.sys
+ kbdhid	HID Mouse Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\kbdhid.sys
+ kmixer	Kernel Mode Audio Mixer	Microsoft Corporation	c:\windows\system32\drivers\kmixer.sys
+ KSecDD	Kernel Security Support Provider Interface	Microsoft Corporation	c:\windows\system32\drivers\ksecdd.sys
+ lbrtfdc			File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mnmdd	Frame buffer simulator	Microsoft Corporation	c:\windows\system32\drivers\mnmdd.sys
+ Modem	Modem Device Driver	Microsoft Corporation	c:\windows\system32\drivers\modem.sys
+ MODEMCSA	Unimodem CSA Filter	Microsoft Corporation	c:\windows\system32\drivers\modemcsa.sys
+ Mouclass	Mouse Class Driver	Microsoft Corporation	c:\windows\system32\drivers\mouclass.sys
+ mouhid	HID Mouse Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\mouhid.sys
+ MountMgr	Mount Manager	Microsoft Corporation	c:\windows\system32\drivers\mountmgr.sys
+ MRxDAV	WebDav Client Redirector	Microsoft Corporation	c:\windows\system32\drivers\mrxdav.sys
+ MRxSmb	MRXSMB	Microsoft Corporation	c:\windows\system32\drivers\mrxsmb.sys
+ Msfs	Mailslot driver	Microsoft Corporation	c:\windows\system32\drivers\msfs.sys
+ MSKSSRV	MS KS Server	Microsoft Corporation	c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK	MS Proxy Clock	Microsoft Corporation	c:\windows\system32\drivers\mspclock.sys
+ MSPQM	MS Proxy Quality Manager	Microsoft Corporation	c:\windows\system32\drivers\mspqm.sys
+ mssmbios	System Management BIOS Driver	Microsoft Corporation	c:\windows\system32\drivers\mssmbios.sys
+ MSTEE	WDM Tee/Communication Transform Filter 	Microsoft Corporation	c:\windows\system32\drivers\mstee.sys
+ Mup	Multiple UNC Provider driver	Microsoft Corporation	c:\windows\system32\drivers\mup.sys
+ mxnic	Macronix MX987xx Family Fast Ethernet Adapter Window Driver                    	Macronix International Co., Ltd.                                               	c:\windows\system32\drivers\mxnic.sys
+ NABTSFEC	WDM NABTS/FEC VBI Codec	Microsoft Corporation	c:\windows\system32\drivers\nabtsfec.sys
+ NAVENG	AV Engine	Symantec Corporation	c:\program files\common files\symantec shared\virusdefs\20090207.021\naveng.sys
+ NAVEX15	AV Engine	Symantec Corporation	c:\program files\common files\symantec shared\virusdefs\20090207.021\navex15.sys
+ NDIS	NDIS 5.1 wrapper driver	Microsoft Corporation	c:\windows\system32\drivers\ndis.sys
+ NdisIP	Microsoft IP Driver	Microsoft Corporation	c:\windows\system32\drivers\ndisip.sys
+ NdisTapi	Remote Access NDIS TAPI Driver	Microsoft Corporation	c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio	NDIS Usermode I/O Protocol	Microsoft Corporation	c:\windows\system32\drivers\ndisuio.sys
+ NdisWan	Remote Access NDIS WAN Driver	Microsoft Corporation	c:\windows\system32\drivers\ndiswan.sys
+ NDProxy	NDIS Proxy	Microsoft Corporation	c:\windows\system32\drivers\ndproxy.sys
+ NetBIOS	NetBIOS Interface	Microsoft Corporation	c:\windows\system32\drivers\netbios.sys
+ NetBT	NetBios over Tcpip	Microsoft Corporation	c:\windows\system32\drivers\netbt.sys
+ NIC1394	IEEE1394 Ndis Miniport and Call Manager	Microsoft Corporation	c:\windows\system32\drivers\nic1394.sys
+ Npfs	NPFS Driver	Microsoft Corporation	c:\windows\system32\drivers\npfs.sys
+ Null	NULL Driver	Microsoft Corporation	c:\windows\system32\drivers\null.sys
+ NwlnkFlt	IPX Traffic Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd	IPX Traffic Forwarder Driver	Microsoft Corporation	c:\windows\system32\drivers\nwlnkfwd.sys
+ ohci1394	1394 OpenHCI Port Driver	Microsoft Corporation	c:\windows\system32\drivers\ohci1394.sys
+ Parport	Parallel Port Driver	Microsoft Corporation	c:\windows\system32\drivers\parport.sys
+ PartMgr	Partition Manager	Microsoft Corporation	c:\windows\system32\drivers\partmgr.sys
+ PartMsg			File not found: C:\WINDOWS\System32\Drivers\PartMsg.sys
+ PCI	NT Plug and Play PCI Enumerator	Microsoft Corporation	c:\windows\system32\drivers\pci.sys
+ PCIDump			File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PD0620VID	Video streaming and Capture Device Driver	Creative Technology Ltd.	c:\windows\system32\drivers\p0620vid.sys
+ PDCOMP			File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME			File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI			File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME			File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Pfc	Padus(R) ASPI Shell	Padus, Inc.	c:\windows\system32\drivers\pfc.sys
+ Point32	Point32.sys	Microsoft Corporation	c:\windows\system32\drivers\point32.sys
+ PptpMiniport	WAN Miniport (PPTP)	Microsoft Corporation	c:\windows\system32\drivers\raspptp.sys
+ Processor	Processor Device Driver	Microsoft Corporation	c:\windows\system32\drivers\processr.sys
+ Ps2	PS2 SYS	Hewlett-Packard Company	c:\windows\system32\drivers\ps2.sys
+ Ptilink	Direct Parallel Link Driver	Parallel Technologies, Inc.	c:\windows\system32\drivers\ptilink.sys
+ PxHelp20	Px Engine Device Driver for Windows 2000/XP	Sonic Solutions	c:\windows\system32\drivers\pxhelp20.sys
+ RasAcd	Remote Access Auto Connection Driver	Microsoft Corporation	c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp	WAN Miniport (L2TP)	Microsoft Corporation	c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe	Remote Access PPPOE Driver	Microsoft Corporation	c:\windows\system32\drivers\raspppoe.sys
+ Raspti	Direct Parallel	Microsoft Corporation	c:\windows\system32\drivers\raspti.sys
+ Rdbss	Rdbss	Microsoft Corporation	c:\windows\system32\drivers\rdbss.sys
+ RDPCDD	RDP Miniport	Microsoft Corporation	c:\windows\system32\drivers\rdpcdd.sys
+ RDPWD	RDP Terminal Stack Driver (US/Canada Only, Not for Export)	Microsoft Corporation	c:\windows\system32\drivers\rdpwd.sys
+ redbook	Redbook Audio Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\redbook.sys
+ RTL8023xp	Realtek 10/100/1000 NDIS 5.1 Driver                         	Realtek Semiconductor Corporation                           	c:\windows\system32\drivers\rtnicxp.sys
+ rtl8139	Realtek RTL8139/810x Family NDIS 5.1 Drv	Realtek Semiconductor Corporation       	c:\windows\system32\drivers\r8139n51.sys
+ SafeBoxKrnl	360‰hkë - Ýi±	360‰h-Ã	c:\windows\system32\drivers\safeboxkrnl.sys
+ sdjbsys			File not found: C:\WINDOWS\system32\drivers\sdjbsys.sys
+ Secdrv	SafeDisc driver	Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.	c:\windows\system32\drivers\secdrv.sys
+ Serenum	Serial Port Enumerator	Microsoft Corporation	c:\windows\system32\drivers\serenum.sys
+ Serial	Serial Device Driver	Microsoft Corporation	c:\windows\system32\drivers\serial.sys
+ Sfloppy	SCSI Floppy Driver	Microsoft Corporation	c:\windows\system32\drivers\sfloppy.sys
+ Sipihao5			c:\windows\system32\drivers\sipihao5.sys
+ SiS315	SiS Compatible Super VGA Driver	Silicon Integrated Systems Corporation	c:\windows\system32\drivers\sisgrp.sys
+ SISAGP	SiS AGPv3.5 Filter	Silicon Integrated Systems Corporation	c:\windows\system32\drivers\sisagpx.sys
+ SiSkp	SiS VGA Driver Manager	Silicon Integrated Systems Corporation	c:\windows\system32\drivers\srvkp.sys
+ SLIP	Microsoft Slip Deframing Filter Minidriver	Microsoft Corporation	c:\windows\system32\drivers\slip.sys
+ SPBBCDrv	SPBBC Driver	Symantec Corporation	c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
+ splitter	Microsoft Kernel Audio Splitter	Microsoft Corporation	c:\windows\system32\drivers\splitter.sys
+ sr	System Restore Filesystem Filter Driver	Microsoft Corporation	c:\windows\system32\drivers\sr.sys
+ SRTSP	Symantec AutoProtect	Symantec Corporation	c:\windows\system32\drivers\srtsp.sys
+ SRTSPL	Symantec AutoProtect	Symantec Corporation	c:\windows\system32\drivers\srtspl.sys
+ SRTSPX	Symantec AutoProtect	Symantec Corporation	c:\windows\system32\drivers\srtspx.sys
+ streamip	Microsoft IP Driver	Microsoft Corporation	c:\windows\system32\drivers\streamip.sys
+ swenum	Plug and Play Software Device Enumerator	Microsoft Corporation	c:\windows\system32\drivers\swenum.sys
+ swmidi	Microsoft GS Wavetable Synthesizer	Microsoft Corporation	c:\windows\system32\drivers\swmidi.sys
+ SYMDNS	DNS Filter Driver	Symantec Corporation	c:\windows\system32\drivers\symdns.sys
+ SymEvent	Symantec Event Library	Symantec Corporation	c:\windows\system32\drivers\symevent.sys
+ SYMFW	Firewall Filter Driver	Symantec Corporation	c:\windows\system32\drivers\symfw.sys
+ SYMIDS	IDS Filter Driver	Symantec Corporation	c:\windows\system32\drivers\symids.sys
+ SYMIDSCO	IDS Core Driver	Symantec Corporation	c:\program files\common files\symantec shared\symcdata\ipsdefs\20090129.001\symidsco.sys
+ SymIM	NDIS Intermediate Driver	Symantec Corporation	c:\windows\system32\drivers\symim.sys
+ SymIMMP	NDIS Intermediate Driver	Symantec Corporation	c:\windows\system32\drivers\symim.sys
+ SYMNDIS	NDIS Filter Driver	Symantec Corporation	c:\windows\system32\drivers\symndis.sys
+ SYMREDRV	Redirector Filter Driver	Symantec Corporation	c:\windows\system32\drivers\symredrv.sys
+ SYMTDI	Network Dispatch Driver	Symantec Corporation	c:\windows\system32\drivers\symtdi.sys
+ sysaudio	System Audio WDM Filter	Microsoft Corporation	c:\windows\system32\drivers\sysaudio.sys
+ SysTdSvr			File not found: system32\drivers\SysTdSvr.sys
+ Tcpip	TCP/IP Protocol Driver	Microsoft Corporation	c:\windows\system32\drivers\tcpip.sys
+ TDPIPE	Named Pipe Transport Driver	Microsoft Corporation	c:\windows\system32\drivers\tdpipe.sys
+ TDTCP	TCP Transport Driver	Microsoft Corporation	c:\windows\system32\drivers\tdtcp.sys
+ TermDD	Terminal Server Driver	Microsoft Corporation	c:\windows\system32\drivers\termdd.sys
+ ubohci	UBOHCI WDM Miniport Driver (XP)	Unibrain S.A.	c:\windows\system32\drivers\ubohci.sys
+ ubsbm	FireAPI? Serial Bus Manager (XP)	Unibrain S.A.	c:\windows\system32\drivers\ubsbm.sys
+ ubumapi	FireAPI? User Mode Support (XP)	Unibrain S.A.	c:\windows\system32\drivers\ubumapi.sys
+ Update	Update Driver	Microsoft Corporation	c:\windows\system32\drivers\update.sys
+ usb_rndisx	Remote NDIS USB Driver	Microsoft Corporation	c:\windows\system32\drivers\usb8023x.sys
+ usbccgp	USB Common Class Generic Parent Driver	Microsoft Corporation	c:\windows\system32\drivers\usbccgp.sys
+ usbehci	EHCI eUSB Miniport Driver	Microsoft Corporation	c:\windows\system32\drivers\usbehci.sys
+ usbhub	Default Hub Driver for USB	Microsoft Corporation	c:\windows\system32\drivers\usbhub.sys
+ usbohci	OHCI USB Miniport Driver	Microsoft Corporation	c:\windows\system32\drivers\usbohci.sys
+ usbprint	USB Printer driver	Microsoft Corporation	c:\windows\system32\drivers\usbprint.sys
+ usbscan	USB Scanner Driver	Microsoft Corporation	c:\windows\system32\drivers\usbscan.sys
+ USBSTOR	USB Mass Storage Class Driver	Microsoft Corporation	c:\windows\system32\drivers\usbstor.sys
+ usbuhci	UHCI USB Miniport Driver	Microsoft Corporation	c:\windows\system32\drivers\usbuhci.sys
+ VgaSave	Controls the VGA display adapter to provide basic display capabilities.	Microsoft Corporation	c:\windows\system32\drivers\vga.sys
+ viaagp1	VIA NT AGP Filter	VIA Technologies, Inc.	c:\windows\system32\drivers\viaagp1.sys
+ viagfx	VIA/S3G Miniport Driver	Copyright (C) VIA/S3 Graphics Co, Ltd.	c:\windows\system32\drivers\vtmini.sys
+ VolSnap	Volume Shadow Copy Driver	Microsoft Corporation	c:\windows\system32\drivers\volsnap.sys
+ Wanarp	Remote Access IP ARP Driver	Microsoft Corporation	c:\windows\system32\drivers\wanarp.sys
+ wceusbsh	Windows CE USB Serial Host	Microsoft Corporation	c:\windows\system32\drivers\wceusbsh.sys
+ WDICA			File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wdmaud	MMSYSTEM Wave/Midi API mapper	Microsoft Corporation	c:\windows\system32\drivers\wdmaud.sys
+ WmaCDriverV32	Support Device	Windows (R) 2000/XP	c:\windows\system32\drivers\wmacdriverv32.sys
+ WMP11V27	NDIS 5.0 Driver	The Linksys Group, Inc	c:\windows\system32\drivers\wmp11v27.sys
+ WSTCODEC	WDM WST Codec Driver	Microsoft Corporation	c:\windows\system32\drivers\wstcodec.sys
+ WudfPf	Provide communciation services for UMDF components.	Microsoft Corporation	c:\windows\system32\drivers\wudfpf.sys
+ WudfRd	Reflect device requests to user-mode driver drivers	Microsoft Corporation	c:\windows\system32\drivers\wudfrd.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute			
+ autocheck autochk *	Auto Check Utility	Microsoft Corporation	c:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options			
+ Your Image File Name Here without a path	Symbolic Debugger for Windows 2000	Microsoft Corporation	c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls			
+ advapi32	Advanced Windows 32 Base API	Microsoft Corporation	c:\windows\system32\advapi32.dll
+ comdlg32	Common Dialogs DLL	Microsoft Corporation	c:\windows\system32\comdlg32.dll
+ gdi32	GDI Client DLL	Microsoft Corporation	c:\windows\system32\gdi32.dll
+ imagehlp	Windows NT Image Helper	Microsoft Corporation	c:\windows\system32\imagehlp.dll
+ kernel32	Windows NT BASE API Client DLL	Microsoft Corporation	c:\windows\system32\kernel32.dll
+ lz32	LZ Expand/Compress API DLL	Microsoft Corporation	c:\windows\system32\lz32.dll
+ ole32	Microsoft OLE for Windows	Microsoft Corporation	c:\windows\system32\ole32.dll
+ oleaut32		Microsoft Corporation	c:\windows\system32\oleaut32.dll
+ olecli32	Object Linking and Embedding Client Library	Microsoft Corporation	c:\windows\system32\olecli32.dll
+ olecnv32	Microsoft OLE for Windows	Microsoft Corporation	c:\windows\system32\olecnv32.dll
+ olesvr32	Object Linking and Embedding Server Library	Microsoft Corporation	c:\windows\system32\olesvr32.dll
+ olethk32	Microsoft OLE for Windows	Microsoft Corporation	c:\windows\system32\olethk32.dll
+ rpcrt4	Remote Procedure Call Runtime	Microsoft Corporation	c:\windows\system32\rpcrt4.dll
+ shell32	Windows Shell Common Dll	Microsoft Corporation	c:\windows\system32\shell32.dll
+ url	Internet Shortcut Shell Extension DLL	Microsoft Corporation	c:\windows\system32\url.dll
+ urlmon	OLE32 Extensions for Win32	Microsoft Corporation	c:\windows\system32\urlmon.dll
+ user32	Windows XP USER API Client DLL	Microsoft Corporation	c:\windows\system32\user32.dll
+ version	Version Checking and File Installation Libraries	Microsoft Corporation	c:\windows\system32\version.dll
+ wininet	Internet Extensions for Win32	Microsoft Corporation	c:\windows\system32\wininet.dll
+ wldap32	Win32 LDAP API DLL	Microsoft Corporation	c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost			
+ logonui.exe	Windows Logon UI	Microsoft Corporation	c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify			
+ crypt32chain	Crypto API32	Microsoft Corporation	c:\windows\system32\crypt32.dll
+ cryptnet	Crypto Network Related API	Microsoft Corporation	c:\windows\system32\cryptnet.dll
+ cscdll	Offline Network Agent	Microsoft Corporation	c:\windows\system32\cscdll.dll
+ dimsntfy	DIMS Notification Handler	Microsoft Corporation	c:\windows\system32\dimsntfy.dll
+ igfxcui	igfxdev Module	Intel Corporation	c:\windows\system32\igfxdev.dll
+ ScCertProp	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ Schedule	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ sclgntfy	Secondary Logon Service Notification DLL	Microsoft Corporation	c:\windows\system32\sclgntfy.dll
+ SensLogn	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ termsrv	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
+ WgaLogon	Windows Genuine Advantage Notification	Microsoft Corporation	c:\windows\system32\wgalogon.dll
+ wlballoon	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\windows\system32\wlnotify.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries			
+ 000000000001	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000002	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000003	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000004	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\windows\system32\rsvpsp.dll
+ 000000000005	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\windows\system32\rsvpsp.dll
+ 000000000006	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000007	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000008	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000009	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000010	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000011	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000012	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000013	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000014	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000015	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000016	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000017	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000018	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000019	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000020	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ 000000000021	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries			
+ mdnsNSP	Bonjour Namespace Provider	Apple Inc.	c:\program files\bonjour\mdnsnsp.dll
+ Network Location Awareness (NLA) Namespace	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ NTDS	LDAP RnR Provider DLL	Microsoft Corporation	c:\windows\system32\winrnr.dll
+ Tcpip	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors			
+ Adobe PDF Port	Acrobat ? PDF Port	Adobe Systems Incorporated.	c:\windows\system32\adobepdf.dll
+ APFMON40	Local Monitor DLL	TurboPower Software Company	c:\windows\system32\apfmon40.dll
+ BJ Language Monitor	Langage Monitor for Canon Bubble-Jet Printer	Microsoft Corporation	c:\windows\system32\cnbjmon.dll
+ EPSON V6 2KMonitor	EPSON Bi-directional Monitor	SEIKO EPSON CORPORATION	c:\windows\system32\ebpmon24.dll
+ Local Port	Local Spooler DLL	Microsoft Corporation	c:\windows\system32\localspl.dll
+ Microsoft Document Imaging Writer Monitor	Microsoft? Document Imaging	Microsoft Corporation	c:\windows\system32\mdimon.dll
+ Microsoft Shared Fax Monitor	Microsoft  Fax Print Monitor	Microsoft Corporation	c:\windows\system32\fxsmon.dll
+ PJL Language Monitor	PJL Language monitor	Microsoft Corporation	c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port	Standard TCP/IP Port Monitor DLL	Microsoft Corporation	c:\windows\system32\tcpmon.dll
+ USB Monitor	Standard Dynamic Printing Port Monitor DLL	Microsoft Corporation	c:\windows\system32\usbmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders			
+ digest.dll	Digest SSPI Authentication Package	Microsoft Corporation	c:\windows\system32\digest.dll
+ msapsspc.dll	DPA Client for 32 bit platforms	Microsoft Corporation	c:\windows\system32\msapsspc.dll
+ msnsspc.dll	MSN Internet Access	Microsoft Corporation	c:\windows\system32\msnsspc.dll
+ schannel.dll	TLS / SSL Security Provider	Microsoft Corporation	c:\windows\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages			
+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages			
+ scecli	Windows Security Configuration Editor Client Engine	Microsoft Corporation	c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages			
+ kerberos	Kerberos Security Package	Microsoft Corporation	c:\windows\system32\kerberos.dll
+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\windows\system32\msv1_0.dll
+ schannel	TLS / SSL Security Provider	Microsoft Corporation	c:\windows\system32\schannel.dll
+ wdigest	Microsoft Digest Access	Microsoft Corporation	c:\windows\system32\wdigest.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order			
+ LanmanWorkstation	Microsoft Windows Network	Microsoft Corporation	c:\windows\system32\ntlanman.dll
+ RDPNP	Microsoft Terminal Services	Microsoft Corporation	c:\windows\system32\drprov.dll
+ WebClient	Web Client Network	Microsoft Corporation	c:\windows\system32\davclnt.dll


Can you redo the AutoRuns log, and save it as a .ARN file? Makes it easier to load in Autoruns, instead of a huge text file....

And what about this one.....

Looks to possibly be viral.....
O4 - HKLM\..\Run: [Ð5Æ:QuH] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "683ae79bab452e0534bc66723d728881" "1.0.0.10" ""

Did you get the scan results from the Jotti link I sent?

And that RunDLL32.exe is fine if you have a Creative Webcam....
Also, have you checked your event viewer for anything related to your problem?
BTW, what's the output of the following command?

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" /s
It says right here:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify                  
+ crypt32chain      Crypto API32      Microsoft Corporation      c:\windows\system32\crypt32.dll
+ cryptnet      Crypto Network Related API      Microsoft Corporation      c:\windows\system32\cryptnet.dll
+ cscdll      Offline Network Agent      Microsoft Corporation      c:\windows\system32\cscdll.dll
+ dimsntfy      DIMS Notification Handler      Microsoft Corporation      c:\windows\system32\dimsntfy.dll
+ igfxcui      igfxdev Module      Intel Corporation      c:\windows\system32\igfxdev.dll
+ ScCertProp      Common DLL to receive Winlogon notifications      Microsoft Corporation      c:\windows\system32\wlnotify.dll
+ Schedule      Common DLL to receive Winlogon notifications      Microsoft Corporation      c:\windows\system32\wlnotify.dll
+ sclgntfy      Secondary Logon Service Notification DLL      Microsoft Corporation      c:\windows\system32\sclgntfy.dll
+ SensLogn      Common DLL to receive Winlogon notifications      Microsoft Corporation      c:\windows\system32\wlnotify.dll
+ termsrv      Common DLL to receive Winlogon notifications      Microsoft Corporation      c:\windows\system32\wlnotify.dll
+ WgaLogon      Windows Genuine Advantage Notification      Microsoft Corporation      c:\windows\system32\wgalogon.dll
+ wlballoon      Common DLL to receive Winlogon notifications      Microsoft Corporation      c:\windows\system32\wlnotify.dll
TY.... Didn't really feel like diggin' through there to look, much less even think about it..... Looks good to me.... Might try unchecking everything but the WGA related ones and see if the errors go away. Not sure if you can uncheck the WGA ones and still boot, which is why I am suggesting this with caution....
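The manual review of the Winlogon\Notify section discussed in the replies above can be scripted. This is an added example, not part of the original thread: it assumes the tab-separated Autoruns text export layout quoted here (location lines, then `+ name<TAB>description<TAB>publisher<TAB>path`), and the sample rows, function names and finding labels are constructed for illustration.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "location name description publisher path")

# Autostart locations whose modules are loaded into winlogon.exe or lsass.exe.
SENSITIVE = ("\\winlogon\\notify", "\\winlogon\\uihost",
             "\\lsa\\authentication packages",
             "\\lsa\\notification packages", "\\lsa\\security packages")

def parse_autoruns(text):
    """Parse the export: a line without '+ ' names the current location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line
            continue
        fields = [f.strip() for f in line[2:].split("\t")]
        fields += [""] * (4 - len(fields))  # pad rows with missing columns
        entries.append(Entry(location, *fields[:4]))
    return entries

def triage(entries):
    """Return (name, finding) pairs that deserve a closer look.

    Publisher strings in the export are only a triage hint; they are not
    proof of origin unless signature verification was enabled in Autoruns.
    """
    findings = []
    for e in entries:
        loc = (e.location or "").lower()
        if e.path.lower().startswith("file not found"):
            findings.append((e.name, "missing-file"))
        elif loc.endswith(SENSITIVE) and e.publisher != "Microsoft Corporation":
            findings.append((e.name, "non-microsoft-in-logon-path"))
    return findings

def _row(*cols):
    return "+ " + "\t".join(cols)

# Constructed sample built from a few rows of the log in this thread.
SAMPLE = "\n".join([
    r"HKLM\System\CurrentControlSet\Services" + "\t\t\t",
    _row("Tcpip", "TCP/IP Protocol Driver", "Microsoft Corporation",
         r"c:\windows\system32\drivers\tcpip.sys"),
    _row("SysTdSvr", "", "", r"File not found: system32\drivers\SysTdSvr.sys"),
    _row("WDICA", "", "", r"File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"),
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\t\t\t",
    _row("crypt32chain", "Crypto API32", "Microsoft Corporation",
         r"c:\windows\system32\crypt32.dll"),
    _row("igfxcui", "igfxdev Module", "Intel Corporation",
         r"c:\windows\system32\igfxdev.dll"),
    _row("WgaLogon", "Windows Genuine Advantage Notification",
         "Microsoft Corporation", r"c:\windows\system32\wgalogon.dll"),
    r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" + "\t\t\t",
    _row("kerberos", "Kerberos Security Package", "Microsoft Corporation",
         r"c:\windows\system32\kerberos.dll"),
])

if __name__ == "__main__":
    for name, finding in triage(parse_autoruns(SAMPLE)):
        print(f"{finding:30} {name}")
```

A finding is a prompt to inspect the file, not a verdict: a graphics-driver Notify DLL such as igfxcui is common on systems with that hardware.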
Avatar of rscsei

ASKER

Sorry john6767, the ARN extension of the autorun file is not accepted here, so I can't upload it. As for the output of the command, it initially worked, but then an error message showed with a different memory address. I thought I could finally get rid of it, so I ran the command in the normal system, but after restarting the system, the old error message came back!
Avatar of rscsei

ASKER

orangutang:

I checked the event viewer, and this entry seems to be the cause of the problem. It happened yesterday when I shut down the computer.

Windows saved user YOUR-03667082DE\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Avatar of rscsei

ASKER

The above event viewer source is Userenv, maybe from userenv.dll.
That is a very common event and probably isn't related to your problem. Did you try johnb6767's suggestion?
*waiting for the results of the requested virus scan of systrayicon.exe........****

And the .arn file can be renamed to .txt, then uploaded...
Avatar of rscsei

ASKER

Hi john6767, here is the scan result of c\program files\sohu webtv\trayicon.exe
This program is a flash TV program from a well-known Chinese website, www.sohu.com
The ARN file is attached.

Scan taken on 08 Feb 2009 06:35:11 (GMT)  
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
G DATA  Found nothing
Ikarus  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
   

AutoRuns1.txt
Ok. That's the problem with a lot of Chinese apps: on the normal sites, they don't get a lot of exposure, so when they are referenced, a lot of them might come up as a threat.....

You have WAAAAY too much starting with Windows. You really need to do some maintenance in the Logon section in AutoRuns. Anything not critical to the operation of your PC and apps should be unchecked so it doesn't sit there and waste memory when not being used.....

Same thing for Internet Explorer tab. Any no longer needed BHO's should be unchecked.

Your system will really appreciate it.....
Or maybe do something extremely risky by disabling all notify keys and restart to see if you still get the error.
I see you have some smartcard stuff - sometimes they will install a GiNA stub that interacts heavily with the winlogon process to pass the smartcard logon events to Windows, etc.

Is there anything here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Look for "GinaDLL" and see if there is anything present.  If allowed, you can try renaming that to "OLDGinaDLL" and reboot.  Note: this will not disable the smartcard functionality for your applications in general, but will impact smartcard logon events (e.g. if you have it set to lock or log out upon card removal, smartcard logon to the OS, etc.).  Sounds like you don't do this anyway, so you should be safe to test this.  As always, back up your registry prior to the change, etc. etc.

Shouldn't need to mess with the smartcard logon service or any of that.
Avatar of rscsei

ASKER

Hi: I am glad that so many experts left their knowledge and suggestions for my problem.  Actually, after 2 days of research and tests, I found the problem is in the Chinese language input software. When my problem happened, the language bar with Chinese input also disappeared; because that was too minor to be noticed, and the error message was in English, I never thought the Chinese input software would be a problem, and I didn't mention this in the problem description either.  The problem is due to a log file that got corrupted, and it seems Windows will only fully start after processing this file. Since this file was corrupt, the problem occurred. The corrupted file is C:\program\Sogou Input\4.00.2088\ErrorLog\2009_02_07|ErrorAsset.log

The Chinese input software I currently use is Sogou Pinyin; it's very popular in China and it's free software. The solution is easy: just upgrade Sogou Pinyin to the latest version. Now my problem is solved.

Up to now, I am very thankful to those who gave me comments & suggestions, especially john6767 and orangutang. Thanks for all your time and effort.
Been out of town this weekend, but glad to come back and see you resolved this one....