Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

~*~Mixed Bag of Problems~*~

This is a discussion on ~*~Mixed Bag of Problems~*~ within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. As a matter of fact, I'm getting there...


Reply
 
Thread Tools Search this Thread
Old 07-02-2012, 07:19 PM   #101
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



As a matter of fact, I'm getting there...

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-02-2012, 07:53 PM   #102
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Aww! I'm sorry! But on the bright side, we now have a ComboFix log:

ComboFix 12-07-02.01 - Maria Tabitha 07/02/2012 20:21:48.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.1183 [GMT -6:00]
Running from: c:\users\Maria Tabitha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 02:40 . 2012-07-03 02:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-03 02:40 . 2012-07-03 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 02:18 . 2012-07-03 02:18 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68BAC94A-AE57-4E59-88EB-4F0DC8CC75A0}\offreg.dll
2012-07-02 23:30 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68BAC94A-AE57-4E59-88EB-4F0DC8CC75A0}\mpengine.dll
2012-06-30 19:39 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E868032-2749-4B57-AC20-838B3C52136C}\gapaengine.dll
2012-06-30 15:21 . 2012-06-30 19:36 65 ----a-w- C:\query netbt.bat
2012-06-30 02:55 . 2012-06-30 03:46 -------- d-----w- c:\program files\Common Files\Java
2012-06-30 02:44 . 2012-06-30 03:46 -------- d-----w- c:\program files\Oracle
2012-06-30 02:21 . 2012-06-30 02:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 02:19 . 2012-06-30 02:19 -------- d-----w- c:\programdata\McAfee
2012-06-30 02:14 . 2012-06-30 02:14 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Macromedia
2012-06-28 05:46 . 2012-06-29 20:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\offreg.dll
2012-06-28 05:34 . 2012-06-30 03:54 -------- d-----w- c:\windows\system32\SPReview
2012-06-28 04:52 . 2010-11-20 10:21 198144 ----a-w- c:\windows\system32\sysclass.dll
2012-06-28 04:33 . 2012-06-28 04:33 -------- d-----w- c:\windows\system32\EventProviders
2012-06-27 04:08 . 2012-06-27 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-27 04:07 . 2012-06-27 04:07 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 10:45 . 2012-06-18 09:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\mpengine.dll
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-19 07:04 . 2012-06-19 07:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-19 07:04 . 2012-06-19 07:04 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-19 07:04 . 2012-06-19 07:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 07:04 . 2012-06-19 07:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 01:58 . 2012-06-11 01:58 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-11 01:47 . 2012-06-11 01:47 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 02:14 . 2012-04-03 17:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 02:14 . 2011-07-30 06:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 05:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-27 04:07 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 04:07 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 03:41 . 2012-01-12 02:37 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 01:29 . 2010-11-18 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 21:56 . 2012-01-11 02:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-03 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-08-24 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-08-24 95544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-27 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:14]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\i5cwg6d1.default-1341042064726\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4428)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-07-02 20:44:02
ComboFix-quarantined-files.txt 2012-07-03 02:44
ComboFix2.txt 2012-07-02 23:21
ComboFix3.txt 2012-06-28 01:03
ComboFix4.txt 2012-02-12 00:42
.
Pre-Run: 195,253,194,752 bytes free
Post-Run: 194,972,647,424 bytes free
.
- - End Of File - - 081E23CDADD1CCC9C3CBFBC0C5B4A277

__________________
TabbyCat725 is offline   Reply With Quote
Old 07-02-2012, 08:12 PM   #103
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Thanks.

Everything is in place as far as our logs can see. I take it you still cannot run Windows Update?

If so, try creating a new Admin user account and see if Windows Updates work in that account.

Click Start>Control Panel>User Accounts>Manage another account>Create New Account.

Be sure to give it Administrative priveleges.

=====================================

Log into that new account and try Windows Update. Let me know what happens.

Look in the left side panel and click Manage
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-02-2012, 08:34 PM   #104
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



I received the same error as I do on this account. :(
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-02-2012, 08:56 PM   #105
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Odd question for you - is this machine connected to the internet wirelessly via a router, or is it connected directly to the modem.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-02-2012, 09:28 PM   #106
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



It's wireless.
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-02-2012, 09:30 PM   #107
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



How difficult would it be for you to connect it directly to the modem?

One more thing -- please navigate to C:\Qoobox and post the ComboFix2.txt
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-02-2012, 09:45 PM   #108
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Umm, probably not too difficult. I can look for the cord tomorrow, if you'd like.

Here's ComboFix2:


ComboFix 12-07-02.01 - Maria Tabitha 07/02/2012 16:58:16.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.1101 [GMT -6:00]
Running from: c:\users\Maria Tabitha\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 23:16 . 2012-07-02 23:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-02 23:16 . 2012-07-02 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 09:38 . 2012-07-01 09:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D333FA37-E6F0-48A6-A907-C3CBD5AA1F69}\offreg.dll
2012-06-30 19:39 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E868032-2749-4B57-AC20-838B3C52136C}\gapaengine.dll
2012-06-30 19:38 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D333FA37-E6F0-48A6-A907-C3CBD5AA1F69}\mpengine.dll
2012-06-30 15:21 . 2012-06-30 19:36 65 ----a-w- C:\query netbt.bat
2012-06-30 02:55 . 2012-06-30 03:46 -------- d-----w- c:\program files\Common Files\Java
2012-06-30 02:44 . 2012-06-30 03:46 -------- d-----w- c:\program files\Oracle
2012-06-30 02:21 . 2012-06-30 02:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 02:19 . 2012-06-30 02:19 -------- d-----w- c:\programdata\McAfee
2012-06-30 02:14 . 2012-06-30 02:14 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Macromedia
2012-06-28 05:46 . 2012-06-29 20:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\offreg.dll
2012-06-28 05:34 . 2012-06-30 03:54 -------- d-----w- c:\windows\system32\SPReview
2012-06-28 04:52 . 2010-11-20 10:21 198144 ----a-w- c:\windows\system32\sysclass.dll
2012-06-28 04:33 . 2012-06-28 04:33 -------- d-----w- c:\windows\system32\EventProviders
2012-06-27 04:08 . 2012-06-27 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-27 04:07 . 2012-06-27 04:07 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 10:45 . 2012-06-18 09:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\mpengine.dll
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-19 07:04 . 2012-06-19 07:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-19 07:04 . 2012-06-19 07:04 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-19 07:04 . 2012-06-19 07:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 07:04 . 2012-06-19 07:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 01:58 . 2012-06-11 01:58 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-11 01:47 . 2012-06-11 01:47 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 02:14 . 2012-04-03 17:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 02:14 . 2011-07-30 06:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 05:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-27 04:07 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 04:07 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 03:41 . 2012-01-12 02:37 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 01:29 . 2010-11-18 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 21:56 . 2012-01-11 02:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:28 . 2010-11-18 17:43 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-03 23:28 . 2010-11-18 17:43 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-03 23:28 . 2010-11-18 17:43 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-03 23:28 . 2010-11-18 17:43 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-03 23:28 . 2010-11-18 17:43 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-03 23:28 . 2010-11-18 17:43 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-03 23:28 . 2010-11-18 17:43 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-03 23:28 . 2010-11-18 17:43 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-03 23:28 . 2010-11-18 17:43 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-03 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-08-24 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-08-24 95544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-27 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:14]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\i5cwg6d1.default-1341042064726\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(8472)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-07-02 17:21:04
ComboFix-quarantined-files.txt 2012-07-02 23:21
ComboFix2.txt 2012-06-28 01:03
ComboFix3.txt 2012-02-12 00:42
.
Pre-Run: 195,758,190,592 bytes free
Post-Run: 195,350,360,064 bytes free
.
- - End Of File - - 50B8878F1B07915790708EB0CBC480C5
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-02-2012, 09:59 PM   #109
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



It was just a thought - I had seen some people resolve this issue by connecting directly to the modem, but honestly, I don't think that will make any difference for you due to the infection you had on this machine. ZAccess is known to damage the Operating System and sometimes we just cannot locate exactly what it did to mess up the Windows Update feature. You may end up having to reinstall Windows 7.

Before we do that, I'd like to get a look at several more registry keys. If these appear as they should, then a reinstall would be the quickest and safest way for you to proceed.

Open SystemLook and copy/paste the following into the open field:

Code:
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{11c058e0-9f3e-4c90-a459-2553f2f9e011}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{653C5148-4DCE-4905-9CFD-1B23662D3D9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e30984f1-b02b-4c27-a40f-23d11b8c1212}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f62fdd2e-66d2-423b-9a04-f71ea00f892a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfbc05bc-1b9e-4693-a49c-4e7181d69e0a}
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3DE\52C64B7E
Click the Look button. The log will pop open for you, and will also be saved on the desktop as SystemLook.txt (if that's where SystemLook.exe is located)

Please attach that log to your next reply. I'll look it over tomorrow.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-02-2012, 10:10 PM   #110
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Aww. I so hope I don't need to reinstall Windows!! <~*~ Pardon me while I throw a temper tantrum.

I've attached the log.
Attached Files
File Type: txt SystemLook.txt (11.7 KB, 10 views)
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-03-2012, 01:43 PM   #111
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. :)

A bit my fault on that last script - I need to find out the full registry key path on your machine.

Open SystemLook and copy/paste the following into the open field and click the Look button.

Quote:
:regfind
52C64B7E
Post the log for me, then I'll have you do another SystemLook once I see the path to that folder.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-03-2012, 01:54 PM   #112
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



This looks bad...lol

SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 03/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== regfind ==========

Searching for "52C64B7E "
No data found.

-= EOF =-
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-03-2012, 02:24 PM   #113
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Let's try it another way just to be sure it is really missing.

Open SystemLook and copy/paste the following, click Look button and post or attach.the log.

Quote:
:reg
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache /s
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-03-2012, 02:44 PM   #114
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Wow. That took like .2 seconds. As soon as I clicked "look," the log popped up. Here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:41 on 03/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1A9]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1A9\52C64B7E]
"LanguageList"="en-US en"
"@%SystemRoot%\system32\p2pcollab.dll,-8042"="Peer to Peer Trust"
"@%SystemRoot%\system32\qagentrt.dll,-10"="System Health Authentication"
"@%SystemRoot%\system32\dnsapi.dll,-103"="Domain Name System (DNS) Server Trust"
"@%SystemRoot%\System32\fveui.dll,-843"="BitLocker Drive Encryption"
"@%SystemRoot%\System32\fveui.dll,-844"="BitLocker Data Recovery Agent"
"@C:\Windows\system32\prnfldr.dll,-8036"="Printers"
"@C:\Windows\system32\netshell.dll,-1200"="Network Connections"
"@C:\Windows\System32\ie4uinit.exe,-731"="Internet Explorer"
"@C:\Windows\system32\SNTSearch.dll,-505"="Sticky Notes"
"@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100"="Bing Bar"
"@gameux.dll,-10102"="Internet Backgammon"
"@gameux.dll,-10054"="Chess Titans"
"@gameux.dll,-10060"="Solitaire"
"@gameux.dll,-10103"="Internet Spades"
"@gameux.dll,-10055"="FreeCell"
"@gameux.dll,-10101"="Internet Checkers"
"@gameux.dll,-10059"="Mahjong Titans"
"@gameux.dll,-10061"="Spider Solitaire"
"@gameux.dll,-10058"="Purble Place"
"@gameux.dll,-10057"="Minesweeper"
"@gameux.dll,-10209"="More Games from Microsoft"
"@gameux.dll,-10056"="Hearts"
"@C:\Windows\System32\wpccpl.dll,-100"="Parental Controls"
"@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111"="Performs object-based (command-line) functions"
"@C:\Windows\system32\bcmwlrc.dll,-4049"="DW WLAN Card Readme"
"@C:\Windows\system32\bcmwlrc.dll,-4001"="DW WLAN Card Utility"
"@C:\Program Files\Intel\Intel Control Center\Uninstaller\SetupICC.exe,-102"="View and open Intel applications."
"@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1000"="Blog like a pro, with photos, videos, maps, and more"
"@C:\Program Files\Windows Live\Mail\maillang.dll,-100"="Send and receive email and manage your contacts and calendars."
"@C:\Program Files\Windows Live\Messenger\msgslang.dll,-2140"="Stay in touch with the people you care about most from your PC, phone, or web."
"@C:\Program Files\Windows Live\Photo Gallery\MovieMakerLang.dll,-1135"="Turn your videos and photos into a movie and share it with others."
"@C:\Program Files\Windows Live\Photo Gallery\WLXPhotoLibraryDuiResourcesLocalized.dll,-3100"="View, edit, organize, and share your photos"
"@"%windir%\System32\ie4uinit.exe",-738"="Start Internet Explorer without ActiveX controls or browser extensions."
"@"%windir%\System32\ie4uinit.exe",-732"="Finds and displays information and Web sites on the Internet."
"@gameux.dll,-10301"="Enjoy the classic strategy game of Backgammon. Compete against players online and race to be the first to remove all your playing pieces from the board."
"@gameux.dll,-10308"="Mahjong Titans is a form of solitaire played with tiles instead of cards. Match pairs of tiles until all have been removed from the board in this classic game."
"@gameux.dll,-10307"="Purble Place is an educational and entertaining game that comprises three distinct games that help teach colors, shapes and pattern recognition."
"@C:\Windows\system32\sud.dll,-1"="Default Programs"
"@C:\Windows\ehome\ehres.dll,-100"="Windows Media Center"
"@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1"="Windows Anytime Upgrade"
"@C:\Program Files\Windows Sidebar\sidebar.exe,-1005"="Desktop Gadget Gallery"
"@C:\Windows\system32\FXSRESM.dll,-114"="Windows Fax and Scan"
"@C:\Program Files\DVD Maker\DVDMaker.exe,-61403"="Windows DVD Maker"
"@C:\PROGRA~1\WIC4A1~1\PHOTOG~1\MOVIEM~2.DLL,-1131"="Windows Live Movie Maker"
"@C:\PROGRA~1\WIC4A1~1\Mail\maillang.dll,-21159"="Windows Live Mail"
"@C:\Windows\system32\unregmp2.exe,-4"="Windows Media Player"
"@C:\Windows\system32\wucltux.dll,-1"="Windows Update"
"@C:\PROGRA~1\WIC4A1~1\PHOTOG~1\WL09BB~1.DLL,-3098"="Windows Live Photo Gallery"
"@C:\Windows\system32\XpsRchVw.exe,-102"="XPS Viewer"
"@C:\Windows\system32\DeviceCenter.dll,-2000"="View and manage devices, printers, and print jobs"
"@explorer.exe,-7001"="Find Help topics, tutorials, troubleshooting, and other support services."
"@C:\Windows\System32\ie4uinit.exe,-737"="Internet Explorer (No Add-ons)"
"@C:\Windows\system32\AccessibilityCpl.dll,-10"="Ease of Access Center"
"@C:\PROGRA~1\WIC4A1~1\Writer\WI68BE~1.DLL,-1001"="Windows Live Writer"
"@C:\Windows\system32\sdcpl.dll,-101"="Backup and Restore"
"@C:\Windows\system32\recdisc.exe,-2000"="Create a System Repair Disc"
"@C:\Windows\system32\msra.exe,-100"="Windows Remote Assistance"
"@C:\PROGRA~1\Intel\INTELC~1\UNINST~1\SetupICC.exe,-100"="Intel® Control Center"
"@C:\Windows\system32\gameux.dll,-10054"="Chess Titans"
"@C:\Windows\system32\gameux.dll,-10055"="FreeCell"
"@C:\Windows\system32\gameux.dll,-10082"="Games Explorer"
"@C:\Windows\system32\gameux.dll,-10056"="Hearts"
"@C:\Windows\system32\gameux.dll,-10102"="Internet Backgammon"
"@C:\Windows\system32\gameux.dll,-10101"="Internet Checkers"
"@C:\Windows\system32\gameux.dll,-10103"="Internet Spades"
"@C:\Windows\system32\gameux.dll,-10059"="Mahjong Titans"
"@C:\Windows\system32\gameux.dll,-10057"="Minesweeper"
"@C:\Windows\system32\gameux.dll,-10209"="More Games from Microsoft"
"@C:\Windows\system32\gameux.dll,-10058"="Purble Place"
"@C:\Windows\system32\gameux.dll,-10060"="Solitaire"
"@C:\Windows\system32\gameux.dll,-10061"="Spider Solitaire"
"@C:\Windows\system32\comres.dll,-3410"="Component Services"
"@C:\Windows\system32\mycomput.dll,-300"="Computer Management"
"@C:\Windows\system32\odbcint.dll,-1310"="Data Sources (ODBC)"
"@C:\Windows\system32\miguiresource.dll,-101"="Event Viewer"
"@C:\Windows\system32\iscsicpl.dll,-5001"="iSCSI Initiator"
"@C:\Windows\system32\MdSched.exe,-4001"="Windows Memory Diagnostic"
"@C:\Windows\system32\wdc.dll,-10021"="Performance Monitor"
"@C:\Windows\system32\filemgmt.dll,-2204"="Services"
"@C:\Windows\system32\msconfig.exe,-126"="System Configuration"
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
"@C:\Windows\System32\AuthFWGP.dll,-20"="Windows Firewall with Advanced Security"
"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291"="Math Input Panel"
"@C:\Windows\system32\mblctr.exe,-1008"="Windows Mobility Center"
"@C:\Windows\system32\mstsc.exe,-4000"="Remote Desktop Connection"
"@C:\Windows\system32\SnippingTool.exe,-15051"="Snipping Tool"
"@C:\Windows\system32\SoundRecorder.exe,-100"="Sound Recorder"
"@C:\Windows\System32\SyncCenter.dll,-3000"="Sync Center"
"@C:\Program Files\windows journal\journal.exe,-62005"="Tablet PC"
"@C:\Windows\system32\OobeFldr.dll,-33056"="Getting Started"
"@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101"="Windows PowerShell ISE"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298"="Personalize Handwriting Recognition"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80"="Tablet PC Input Panel"
"@C:\Program Files\Windows Journal\Journal.exe,-3074"="Windows Journal"
"@C:\Windows\system32\dfrgui.exe,-103"="Disk Defragmenter"
"@C:\Windows\system32\wdc.dll,-10030"="Resource Monitor"
"@C:\Windows\system32\msinfo32.exe,-100"="System Information"
"@C:\Windows\system32\rstrui.exe,-100"="System Restore"
"@C:\Windows\system32\migwiz\wet.dll,-591"="Windows Easy Transfer Reports"
"@C:\Windows\system32\migwiz\wet.dll,-588"="Windows Easy Transfer"
"@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555"="Windows Speech Recognition"
"@%ProgramFiles%\DVD Maker\DVDMaker.exe,-63385"="Burn pictures and video to DVD."
"@C:\Program Files\Common Files\system\wab32res.dll,-10100"="Contacts"
"@C:\Windows\system32\NetworkExplorer.dll,-1"="Network"
"@C:\Windows\System32\powercpl.dll,-1"="Power Options"
"@C:\Windows\System32\powercpl.dll,-2"="Conserve energy or maximize performance by choosing how your computer manages power."
"@C:\Windows\System32\taskbarcpl.dll,-1"="Notification Area Icons"
"@C:\Windows\System32\taskbarcpl.dll,-2"="Select which icons and notifications appear in the notification area."
"@C:\Windows\system32\Vault.dll,-1"="Credential Manager"
"@C:\Windows\system32\Vault.dll,-2"="Manage your Windows Credentials."
"@C:\Windows\System32\sud.dll,-10"="Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."
"@C:\Windows\System32\tsworkspace.dll,-15300"="RemoteApp and Desktop Connections"
"@C:\Windows\System32\tsworkspace.dll,-15301"="Manage your RemoteApp and Desktop Connections"
"@C:\Program Files\windows live\installer\LangSelectorLang.dll,-10000"="Windows Live Language Setting"
"@C:\Program Files\windows live\installer\LangSelectorLang.dll,-10050"="Change the language used for Windows Live programs."
"@C:\Windows\system32\wucltux.dll,-4"="Check for software and driver updates, choose automatic updating settings, or view installed updates."
"@C:\Program Files\Windows Sidebar\sidebar.exe,-11003"="Desktop Gadgets"
"@C:\Program Files\Windows Sidebar\sidebar.exe,-11002"="View the desktop gadgets installed on your computer."
"@C:\Windows\system32\FirewallControlPanel.dll,-12122"="Windows Firewall"
"@C:\Windows\system32\FirewallControlPanel.dll,-12123"="Set firewall security options to help protect your computer from hackers and malicious software."
"@C:\Windows\System32\telephon.cpl,-1"="Phone and Modem"
"@C:\Windows\System32\telephon.cpl,-2"="Configure your telephone dialing rules and modem settings."
"@C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javacpl.exe,-2"="Java(TM) Control Panel"
"@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1"="Speech Recognition"
"@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2"="Configure how speech recognition works on your computer."
"@C:\Windows\system32\mblctr.exe,-1002"="Windows Mobility Center"
"@C:\Windows\system32\mblctr.exe,-1003"="Adjust display brightness, volume, power options, and other commonly used mobile PC settings."
"@C:\Windows\System32\usercpl.dll,-1"="User Accounts"
"@C:\Windows\System32\usercpl.dll,-2"="Change user account settings and passwords for people who share this computer."
"@C:\Windows\System32\intl.cpl,-1"="Region and Language"
"@C:\Windows\System32\intl.cpl,-2"="Customize settings for the display of languages, numbers, times, and dates."
"@C:\Windows\System32\hgcpl.dll,-1"="HomeGroup"
"@C:\Windows\System32\hgcpl.dll,-2"="View HomeGroup settings, choose sharing options, and view or change the password."
"@C:\Windows\System32\main.cpl,-100"="Mouse"
"@C:\Windows\System32\main.cpl,-101"="Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."
"@C:\Windows\System32\main.cpl,-102"="Keyboard"
"@C:\Windows\System32\main.cpl,-103"="Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."
"@C:\Windows\System32\devmgr.dll,-4"="Device Manager"
"@C:\Windows\System32\devmgr.dll,-5"="View and update your hardware's settings and driver software."
"@C:\Windows\System32\icardres.dll,-4097"="Windows CardSpace"
"@C:\Windows\System32\icardres.dll,-4098"="Manage Information Cards used to log on and register with websites and online services."
"@C:\Windows\System32\PerfCenterCPL.dll,-1"="Performance Information and Tools"
"@C:\Windows\System32\PerfCenterCPL.dll,-2"="Get information about your computer's speed and performance. If solutions to performance problems are available, Windows lets you know."
"@C:\Windows\system32\appwiz.cpl,-159"="Programs and Features"
"@C:\Windows\system32\appwiz.cpl,-160"="Uninstall or change programs on your computer."
"@C:\Windows\System32\srchadmin.dll,-601"="Indexing Options"
"@C:\Windows\System32\srchadmin.dll,-602"="Change how Windows indexes items for faster searching"
"@C:\Windows\System32\netcenter.dll,-1"="Network and Sharing Center"
"@C:\Windows\System32\netcenter.dll,-2"="Check network status, change network settings and set preferences for sharing files and printers."
"@C:\Windows\System32\wpccpl.dll,-101"="Change Parental Controls settings."
"@C:\Windows\System32\autoplay.dll,-1"="AutoPlay"
"@C:\Windows\System32\autoplay.dll,-2"="Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."
"@C:\Windows\System32\SyncCenter.dll,-3001"="Sync files between your computer and network folders"
"@C:\Windows\System32\recovery.dll,-101"="Recovery"
"@C:\Windows\System32\recovery.dll,-2"="Restore your system to an earlier time without affecting your files, or replace everything on your computer and reinstall Windows."
"@C:\Windows\System32\inetcpl.cpl,-4312"="Internet Options"
"@C:\Windows\System32\inetcpl.cpl,-4313"="Configure your Internet display and connection settings."
"@C:\Windows\system32\DeviceCenter.dll,-1000"="Devices and Printers"
"@C:\Windows\system32\colorcpl.exe,-6"="Color Management"
"@C:\Windows\system32\colorcpl.exe,-7"="Change advanced color management settings for displays, scanners, and printers."
"@C:\Windows\System32\sdcpl.dll,-100"="Backup and restore your files and system. Monitor latest backup status and configuration."
"@C:\Windows\System32\systemcpl.dll,-1"="System"
"@C:\Windows\System32\systemcpl.dll,-2"="View information about your computer, and change settings for hardware, performance, and remote connections."
"@C:\Windows\System32\ActionCenterCPL.dll,-1"="Action Center"
"@C:\Windows\System32\ActionCenterCPL.dll,-2"="Review recent messages and resolve problems with your computer."
"@C:\Windows\System32\windowsanytimeupgradeui.exe,-2"="A convenient and affordable way to upgrade Windows"
"@C:\Windows\System32\Display.dll,-1"="Display"
"@C:\Windows\System32\Display.dll,-2"="Change your display settings and make it easier to read what's on your screen."
"@C:\Windows\System32\DiagCpl.dll,-1"="Troubleshooting"
"@C:\Windows\System32\DiagCpl.dll,-15"="Troubleshoot and fix common computer problems."
"@C:\Windows\system32\OobeFldr.dll,-33057"="Learn about Windows features and start using them."
"@C:\Windows\System32\accessibilitycpl.dll,-45"="Make your computer easier to use."
"@C:\Program Files\Windows Defender\MsMpRes.dll,-104"="Windows Defender"
"@C:\Program Files\Windows Defender\MsMpRes.dll,-1176"="Protection against spyware and potentially unwanted software"
"@C:\Windows\System32\timedate.cpl,-51"="Date and Time"
"@C:\Windows\System32\timedate.cpl,-52"="Set the date, time, and time zone for your computer."
"@C:\Windows\System32\SensorsCpl.dll,-1"="Location and Other Sensors"
"@C:\Windows\System32\SensorsCpl.dll,-701"="Configure your sensor settings."
"@C:\Windows\System32\themecpl.dll,-1"="Personalization"
"@C:\Windows\System32\themecpl.dll,-2"="Change the pictures, colors, and sounds for this computer."
"@C:\Windows\System32\mmsys.cpl,-300"="Sound"
"@C:\Windows\System32\mmsys.cpl,-301"="Configure your audio devices or change the sound scheme for your computer."
"@netcenter.dll,-1"="Network and Sharing Center"
"@C:\Windows\system32\wlanpref.dll,-20001"="Manage Wireless Networks"
"@C:\Windows\system32\NetworkMap.dll,-1"="Network Map"
"@van.dll,-2401"="Shows available wireless networks and dial-up and VPN connections that you can connect to."
"@netshell.dll,-12026"="View and connect to Bluetooth Personal Area Network devices and computers."
"@netshell.dll,-12027"="Temporarily inactivate the selected connection so that it cannot be used."
"@netshell.dll,-12002"="Activate the selected connection."
"@netshell.dll,-12003"="Temporarily inactivate the selected connection so that it cannot be used."
"@netshell.dll,-12016"="Prepare the selected network device for use."
"@netshell.dll,-12017"="Inactivate the selected network device so that it cannot be used."
"@netshell.dll,-12023"="Correct problems that prevent you from connecting to the network."
"@netshell.dll,-12007"="Give the connection a different name."
"@netshell.dll,-12004"="View the connection, duration, speed, activity, and other status settings for this connection."
"@netshell.dll,-12006"="Remove the selected connection(s) so that it can no longer be used. "
"@netshell.dll,-12008"="Change settings for this connection, such as adapter or protocol configuration settings."
"@van.dll,-2400"="Connect To"
"@netshell.dll,-1700"="View Bluetooth network devices"
"@netshell.dll,-1712"="Disconnect this connection"
"@netshell.dll,-1530"="Start this connection"
"@netshell.dll,-1535"="Disconnect this connection"
"@netshell.dll,-1565"="Enable this network device"
"@netshell.dll,-1570"="Disable this network device"
"@netshell.dll,-1540"="Diagnose this connection"
"@netshell.dll,-1550"="Rename this connection"
"@netshell.dll,-1555"="View status of this connection"
"@netshell.dll,-1560"="Delete this connection"
"@netshell.dll,-1575"="Change settings of this connection"
"@gameux.dll,-10304"="Move all the cards to the home cells using the free cells as placeholders. Stack the cards by suit and rank from lowest (ace) to highest (king)."
"@gameux.dll,-10302"="Compete with - and against - online opponents at the classic trick-taking, partnership card game of Spades. Score the most points to win."
"@gameux.dll,-10305"="Hearts is a trick-based card game in which the goal is to get rid of cards while avoiding points. The player with the lowest number of points wins."
"@C:\Windows\explorer.exe,-7021"="Help and Support"
"@%SystemRoot%\system32\netshell.dll,-1200"="Network Connections"
"@netcfgx.dll,-50002"="Allows your computer to access resources on a Microsoft network."
"@%SystemRoot%\System32\drivers\pacer.sys,-100"="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."
"@netcfgx.dll,-50003"="Allows other computers to access resources on your computer using a Microsoft network."
"@tcpipcfg.dll,-50002"="TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks."
"@%SystemRoot%\system32\tcpipcfg.dll,-50001"="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."
"@%SystemRoot%\system32\lltdres.dll,-4"="Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth."
"@%SystemRoot%\system32\lltdres.dll,-3"="Allows this PC to be discovered and located on the network."
"@%systemroot%\system32\rascfg.dll,-32010"="Provides the abilitiy to connect a host to a Remote Access Concentrator that supports RFC2516."
"@%systemroot%\system32\rascfg.dll,-32009"="Allows you to securely connect to a private network using the Internet."
"@%systemroot%\system32\rascfg.dll,-32008"="Allows you to securely connect to a private network using the Internet."
"@%systemroot%\system32\sstpsvc.dll,-203"="Allows you to securely connect to a private network using the Internet."
"@FirewallControlPanel.dll,-1"="Windows Firewall"
"@ActionCenterCPL.dll,-1"="Action Center"
"@PerfCenterCPL.dll,-1"="Performance Information and Tools"
"@hgcpl.dll,-4"="Advanced sharing settings"
"@%SystemRoot%\system32\wlanui.dll,-17301"="Wireless Network Properties"
"@%systemroot%\system32\mspaint.exe,-59418"="Paintbrush Picture"
"@sendmail.dll,-21"="Desktop (create shortcut)"
"@C:\Windows\system32\ntshrui.dll,-103"="S&hare with"
"@zipfldr.dll,-10148"="Compressed (zipped) folder"
"@btrez.dll,-4001"="Bluetooth"
"@C:\Windows\system32\FXSRESM.dll,-120"="Fax recipient"
"@sendmail.dll,-4"="Mail recipient"
"@C:\Program Files\Windows Photo Viewer\photoviewer.dll,-3043"="Pre&view"
"@C:\Windows\system32\stobject.dll,-417"="Set as desktop &background"
"@C:\Windows\system32\ntshrui.dll,-5112"="Share the selected items with other people on the network."
"@C:\Windows\system32\ntshrui.dll,-5108"="Makes the selected items private so other people can’t access them."
"@C:\Windows\system32\ntshrui.dll,-5104"="Nobody"
"@C:\Windows\system32\wmploc.dll,-128"="Microsoft Windows Media Player"
"@C:\Windows\System32\ie4uinit.exe,-21"="Internet Explorer"
"@C:\Windows\system32\themeui.dll,-2682"="Themes Setup"
"@DiagCpl.dll,-1"="Troubleshooting"
"@DiagCpl.dll,-23"="Network and Internet"
"@FirewallControlPanel.dll,-32"="Allowed Programs"
"@FirewallAPI.dll,-28502"="File and Printer Sharing"
"@FirewallAPI.dll,-38502"="This feature is used for sharing local files and printers with other users on the network. (Uses NetBIOS, LLMNR, SMB and RPC)"
"@FirewallAPI.dll,-31252"="Windows Media Player Network Sharing Service"
"@FirewallAPI.dll,-41252"="This feature enables users to share media over a network. (Uses UPnP, SSDP and qWave)"
"@FirewallAPI.dll,-31002"="Windows Media Player"
"@FirewallAPI.dll,-41002"="This feature allows users to receive streaming media over UDP."
"@FirewallAPI.dll,-30502"="Wireless Portable Devices"
"@FirewallAPI.dll,-40502"="This feature allows the transfer of media from your network enabled camera or media device to your computer using the Media Transfer Protocol (MTP). (Uses UPnP and SSDP)"
"@FirewallAPI.dll,-30752"="Media Center Extenders"
"@FirewallAPI.dll,-40752"="This feature allows Media Center Extenders to communicate with a computer running Windows Media Center. (Uses SSDP and qWave)"
"@FirewallAPI.dll,-31752"="Connect to a Network Projector"
"@FirewallAPI.dll,-41752"="This feature enables users to connect to projectors over wired or wireless networks to project presentations. (Uses WSDAPI)"
"@FirewallAPI.dll,-34501"="Remote Volume Management"
"@FirewallAPI.dll,-44501"="This feature provides remote software and hardware disk volume management. (Uses RPC)"
"@FirewallAPI.dll,-33752"="Routing and Remote Access"
"@FirewallAPI.dll,-43752"="This feature is used to allow incoming VPN and RAS connections."
"@FirewallAPI.dll,-30002"="Windows Firewall Remote Management"
"@FirewallAPI.dll,-40002"="This feature allows remote management of the local Windows Firewall. (Uses RPC)"
"@FirewallAPI.dll,-30252"="Windows Remote Management"
"@FirewallAPI.dll,-40252"="This feature allows remote management of the system via WS-Management, a web services-based protocol for remote management of operating systems and devices."
"@FirewallAPI.dll,-33252"="Remote Scheduled Tasks Management"
"@FirewallAPI.dll,-43252"="This feature allows remote management of the local task scheduling service. (Uses RPC)"
"@FirewallAPI.dll,-29252"="Remote Event Log Management"
"@FirewallAPI.dll,-39252"="This feature allows remote viewing and management of the local event log. (Uses Named Pipes and RPC)"
"@FirewallAPI.dll,-34002"="Windows Collaboration Computer Name Registration Service"
"@FirewallAPI.dll,-44002"="This feature allows other computers to find and communicate with your computer using the Peer Name Resolution Protocol. (Uses SSDP and PNRP)"
"@FirewallAPI.dll,-34251"="Windows Management Instrumentation (WMI)"
"@FirewallAPI.dll,-44251"="This feature allows remote management of Windows by exposing a set of manageable components in a set of classes defined by the Common Information Model (CIM) of the distributed management task force. (Uses DCOM)"
"@FirewallAPI.dll,-34752"="Performance Logs and Alerts"
"@FirewallAPI.dll,-44752"="This feature allows remote management of the Performance Logs and Alerts service. (Uses RPC)"
"@FirewallAPI.dll,-29502"="Remote Service Management"
"@FirewallAPI.dll,-39502"="This feature allows remote management of local services. (Uses Named Pipes and RPC)"
"@FirewallAPI.dll,-33502"="Distributed Transaction Coordinator"
"@FirewallAPI.dll,-43502"="This feature coordinates transactions that update transaction-protected resources, such as databases, message queues and file systems."
"@FirewallAPI.dll,-29002"="iSCSI Service"
"@FirewallAPI.dll,-39002"="This feature is used for connecting to iSCSI target servers and devices."
"@FirewallAPI.dll,-32752"="Network Discovery"
"@FirewallAPI.dll,-42752"="This feature allows this computer to discover other devices and be discovered by other devices on the network. (Uses Function Discovery Host and Publication Services, UPnP, SSDP, NetBIOS and LLMNR)"
"@FirewallAPI.dll,-25000"="Core Networking"
"@FirewallAPI.dll,-35000"="The firewall rules that are part of Core Networking are required for reliable IPv4 and IPv6 connectivity."
"@FirewallAPI.dll,-33002"="Remote Assistance"
"@FirewallAPI.dll,-43002"="This feature allows users of this computer to request remote assistance from other users on the network. (Uses UPnP, SSDP, PNRP and Teredo)"
"@FirewallAPI.dll,-32002"="Windows Peer to Peer Collaboration Foundation"
"@FirewallAPI.dll,-42002"="This feature is required to enable various peer-to-peer programs and technologies. (Uses SSDP and PNRP)"
"@%systemroot%\system32\provsvc.dll,-202"="HomeGroup"
"@FirewallAPI.dll,-31500"="Windows Media Player Network Sharing Service (Internet)"
"@FirewallAPI.dll,-41500"="This feature allows users to share out home media over the Internet"
"@snmptrap.exe,-3"="SNMP Trap"
"@snmptrap.exe,-10003"="This feature allows SNMP Trap service traffic to be received by this computer."
"@netlogon.dll,-1010"="Netlogon Service"
"@netlogon.dll,-11010"="This feature is used to maintain a secure channel between domain clients and a domain controller for authenticating users and services. (Uses RPC)"
"@sstpsvc.dll,-35001"="Secure Socket Tunneling Protocol"
"@sstpsvc.dll,-45001"="This feature is used to allow incoming VPN connections using Secure Socket Tunneling Protocol (SSTP). (Uses HTTPS)"
"@%SystemRoot%\System32\FirewallControlPanel.dll,-1"="Windows Firewall"
"@DiagCpl.dll,-48"="Additional Information"
"@C:\Windows\System32\DiagCpl.dll,-82"="Online Support"
"@C:\Windows\System32\DiagCpl.dll,-83"="For technical assistance, contact Customer Support online."
"@C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe,-101"="FlashBroker"
"@C:\Windows\System32\acppage.dll,-6002"="Windows Batch File"
"@C:\Windows\system32\mycomput.dll,-400"="Mana&ge"
"@C:\Windows\System32\BdeUnlockWizard.exe,-100"="&Unlock Drive..."
"@C:\Windows\system32\notepad.exe,-469"="Text Document"
"@%SystemRoot%\system32\shell32.dll,-50176"="File Operation"
"@%SystemRoot%\system32\aelupsvc.dll,-2"="Processes application compatibility cache requests for applications as they are launched"
"@%SystemRoot%\system32\Alg.exe,-113"="Provides support for 3rd party protocol plug-ins for Internet Connection Sharing"
"@%systemroot%\system32\appidsvc.dll,-101"="Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced."
"@%systemroot%\system32\appinfo.dll,-101"="Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks."
"@%SystemRoot%\System32\audiosrv.dll,-205"="Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start"
"@%SystemRoot%\System32\audiosrv.dll,-201"="Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start"
"@%SystemRoot%\system32\AxInstSV.dll,-104"="Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings."
"@%SystemRoot%\system32\bdesvc.dll,-101"="BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality."
"@%SystemRoot%\system32\bfe.dll,-1002"="The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications."
"@%SystemRoot%\system32\qmgr.dll,-1001"="Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
"@%systemroot%\system32\browser.dll,-101"="Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\System32\bthserv.dll,-102"="The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated."
"@%SystemRoot%\System32\certprop.dll,-12"="Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver."
"@comres.dll,-948"="Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\cryptsvc.dll,-1002"="Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"@oleres.dll,-5013"="The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running."
"@%SystemRoot%\system32\defragsvc.dll,-102"="Provides Disk Defragmentation Capabilities."
"@%SystemRoot%\system32\dhcpcore.dll,-101"="Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\System32\dnsapi.dll,-102"="The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\dot3svc.dll,-1103"="The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service."
"@%systemroot%\system32\dps.dll,-501"="The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function."
"@%systemroot%\system32\eapsvc.dll,-2"="The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication."
"@%SystemRoot%\system32\efssvc.dll,-101"="Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files."
"@%SystemRoot%\ehome\ehrecvr.exe,-102"="Windows Media Center Service for TV and FM broadcast reception"
"@%SystemRoot%\ehome\ehsched.exe,-102"="Starts and stops recording of TV programs within Windows Media Center"
"@%SystemRoot%\system32\wevtsvc.dll,-201"="This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system."
"@comres.dll,-2451"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\fxsresm.dll,-122"="Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network."
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
"@%systemroot%\system32\fdrespub.dll,-101"="Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network."
"@%systemroot%\system32\FntCache.dll,-101"="Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance."
"@%SystemRoot%\system32\PresentationHost.exe,-3310"="Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications."
"@gpapi.dll,-113"="The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled."
"@%SystemRoot%\System32\hidserv.dll,-102"="Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\kmsvc.dll,-7"="Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service"
"@%SystemRoot%\System32\ListSvc.dll,-101"="Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running."
"@%SystemRoot%\System32\provsvc.dll,-101"="Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running."
"@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192"="Securely enables the creation, management, and disclosure of digital identities."
"@%SystemRoot%\system32\ikeext.dll,-502"="The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running."
"@%systemroot%\system32\IPBusEnum.dll,-103"="The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning."
"@%SystemRoot%\system32\iphlpsvc.dll,-501"="Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer."
"@keyiso.dll,-101"="The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements."
"@comres.dll,-2947"="Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\srvsvc.dll,-101"="Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\wkssvc.dll,-101"="Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\lltdres.dll,-2"="Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly."
"@%SystemRoot%\system32\lmhsvc.dll,-102"="Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\ehome\ehres.dll,-15502"="Allows Media Center Extenders to locate and connect to the computer."
"@%systemroot%\system32\mmcss.dll,-101"="Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority."
"@%SystemRoot%\system32\FirewallAPI.dll,-23091"="Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network."
"@comres.dll,-2798"="Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\iscsidsc.dll,-5001"="Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\msimsg.dll,-32"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-240"="Helps protect users from malware and other potentially unwanted software"
"@%SystemRoot%\system32\qagentrt.dll,-7"="The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer."
"@%SystemRoot%\System32\netlogon.dll,-103"="Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\netman.dll,-110"="Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections."
"@%SystemRoot%\system32\netprofm.dll,-203"="Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change."
"@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200"="Provides ability to share TCP ports over the net.tcp protocol."
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-242"="Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"
"@%SystemRoot%\System32\nlasvc.dll,-2"="Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\nsisvc.dll,-201"="This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start."
"@%SystemRoot%\system32\pnrpsvc.dll,-8005"="Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly."
"@%SystemRoot%\system32\p2psvc.dll,-8007"="Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function."
"@%SystemRoot%\system32\pcasvc.dll,-2"="This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly."
"@%systemroot%\system32\pla.dll,-501"="Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\umpnpmgr.dll,-101"="Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability."
"@%SystemRoot%\system32\pnrpauto.dll,-8003"="This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' "
"@%SystemRoot%\system32\pnrpsvc.dll,-8001"="Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function."
"@%SystemRoot%\system32\polstore.dll,-5011"="Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped."
"@%SystemRoot%\system32\umpo.dll,-101"="Manages power policy and power policy notification delivery."
"@%systemroot%\system32\profsvc.dll,-301"="This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them."
"@%systemroot%\system32\psbase.dll,-301"="Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users."
"@%SystemRoot%\system32\qwave.dll,-2"="Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization."
"@%Systemroot%\system32\rasauto.dll,-201"="Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address."
"@%Systemroot%\system32\rasmans.dll,-201"="Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%Systemroot%\system32\mprdim.dll,-201"="Offers routing services to businesses in local area and wide area network environments."
"@regsvc.dll,-2"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%windir%\system32\RpcEpMap.dll,-1002"="Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly."
"@%systemroot%\system32\Locator.exe,-3"="In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility."
"@oleres.dll,-5011"="The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running"
"@%SystemRoot%\system32\samsrv.dll,-2"="The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled."
"@%SystemRoot%\System32\SCardSvr.dll,-5"="Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\schedsvc.dll,-101"="Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\System32\certprop.dll,-14"="Allows the system to be configured to lock the user desktop upon smart card removal."
"@%SystemRoot%\system32\sdrsvc.dll,-102"="Provides Windows Backup and Restore capabilities."
"@%SystemRoot%\system32\seclogon.dll,-7000"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\Sens.dll,-201"="Monitors system events and notifies subscribers to COM+ Event System of these events."
"@%SystemRoot%\System32\sensrsvc.dll,-1001"="Monitors ambient light sensors to detect changes in ambient light and adjust the display brightness. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions."
"@%SystemRoot%\System32\SessEnv.dll,-1027"="Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates."
"@%SystemRoot%\system32\ipnathlp.dll,-107"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"@%SystemRoot%\System32\shsvcs.dll,-12289"="Provides notifications for AutoPlay hardware events."
"@%SystemRoot%\system32\snmptrap.exe,-4"="Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\spoolsv.exe,-2"="Loads files to memory for later printing"
"@%SystemRoot%\system32\sppsvc.exe,-100"="Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service."
"@%SystemRoot%\system32\sppuinotify.dll,-102"="Provides Software Licensing activation and notification"
"@%systemroot%\system32\ssdpsrv.dll,-101"="Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\sstpsvc.dll,-201"="Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers."
"@%SystemRoot%\system32\wiaservc.dll,-10"="Provides image acquisition services for scanners and cameras"
"@%SystemRoot%\System32\swprv.dll,-102"="Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\sysmain.dll,-1001"="Maintains and improves system performance over time."
"@%SystemRoot%\system32\TabSvc.dll,-101"="Enables Tablet PC pen and ink functionality"
"@%SystemRoot%\system32\tapisrv.dll,-10101"="Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service."
"@%SystemRoot%\system32\tbssvc.dll,-101"="Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM."
"@%SystemRoot%\System32\termsrv.dll,-267"="Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item."
"@%SystemRoot%\System32\themeservice.dll,-8193"="Provides user experience theme management."
"@%systemroot%\system32\mmcss.dll,-103"="Provides ordered execution for a group of threads within a specific period of time."
"@%SystemRoot%\system32\trkwks.dll,-2"="Maintains links between NTFS files within a computer or across computers in a network."
"@%SystemRoot%\servicing\TrustedInstaller.exe,-101"="Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer."
"@%SystemRoot%\system32\ui0detect.exe,-102"="Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function."
"@%systemroot%\system32\upnphost.dll,-214"="Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\dwm.exe,-2001"="Provides Desktop Window Manager startup and maintenance services"
"@%SystemRoot%\system32\vaultsvc.dll,-1004"="Provides secure storage and retrieval of credentials to users, applications and security service packages."
"@%SystemRoot%\system32\vds.exe,-112"="Provides management services for disks, volumes, file systems, and storage arrays."
"@%systemroot%\system32\vssvc.exe,-101"="Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\w32time.dll,-201"="Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\Wat\WatUX.exe,-602"="Performs Windows 7 Validation."
"@%systemroot%\system32\wbengine.exe,-105"="The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer."
"@%systemroot%\system32\wbiosrvc.dll,-101"="The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process."
"@%SystemRoot%\system32\wcncsvc.dll,-4"="WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started programmatically as needed."
"@%SystemRoot%\system32\WcsPlugInService.dll,-201"="The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering."
"@%systemroot%\system32\wdi.dll,-503"="The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function."
"@%systemroot%\system32\wdi.dll,-501"="The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function."
"@%systemroot%\system32\webclnt.dll,-101"="Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\wecsvc.dll,-201"="This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted."
"@%SystemRoot%\System32\wercplsupport.dll,-100"="This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel."
"@%SystemRoot%\System32\wersvc.dll,-101"="Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed."
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176"="Protection against spyware and potentially unwanted software"
"@%SystemRoot%\system32\winhttp.dll,-101"="WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol."
"@%Systemroot%\system32\wbem\wmisvc.dll,-204"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%Systemroot%\system32\wsmsvc.dll,-102"="Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix."
"@%SystemRoot%\System32\wlansvc.dll,-258"="The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter."
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-111"="Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated."
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"
"@%SystemRoot%\system32\wpcsvc.dll,-101"="This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only."
"@%SystemRoot%\system32\wpdbusenum.dll,-101"="Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices."
"@%SystemRoot%\System32\wscsvc.dll,-201"="The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system."
"@%systemroot%\system32\SearchIndexer.exe,-104"="Provides content indexing, property caching, and search results for files, e-mail, and other content."
"@%SystemRoot%\system32\wudfsvc.dll,-1001"="Manages user-mode driver host processes."
"@%SystemRoot%\System32\wwansvc.dll,-258"="This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices."
"@C:\Program Files\Microsoft Security Client\EppManifest.dll,-1000"="Microsoft Security Essentials"
"@C:\Windows\system32\zipfldr.dll,-10195"="Compressed (zipped) Folder"
"@%systemroot%\system32\wuaueng.dll,-106"="Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
"@%systemroot%\system32\rstrui.exe,-102"="Restore system to a chosen restore point."
"@shell32,-10162"="Screen saver"
"@C:\Windows\System32\msimsg.dll,-34"="Windows Installer Package"
"@C:\Windows\System32\display.dll,-4"="S&creen resolution"
"@C:\Program Files\Windows Sidebar\sidebar.exe,-11100"="&Gadgets"
"@C:\Windows\system32\themecpl.dll,-10"="Pe&rsonalize"
"@%SystemRoot%\system32\powrprof.dll,-14"="Automatically balances performance with energy consumption on capable hardware."
"@%SystemRoot%\system32\powrprof.dll,-11"="Power saver"
"@%SystemRoot%\system32\powrprof.dll,-10"="Saves energy by reducing your computer’s performance where possible."
"@%windir%\system32\wucltux.dll,-2"="Delivers software updates and drivers, and provides automatic updating options."
"@wucltux.dll,-71"="Windows Update"
"@usercpl.dll,-45"="User Accounts"
"@usercpl.dll,-54"="Manage Accounts"
"@%SystemRoot%\System32\usercpl.dll,-71"="User Accounts Control Panel"
"@usercpl.dll,-48"="Create New Account"
"@usercpl.dll,-49"="Change an Account"
"@usercpl.dll,-62"="Create Password"
"@C:\Windows\explorer.exe,-7022"="Windows Security"
"@%systemroot%\ehome\ehres.dll,-116"="Opens your home entertainment option for digital and on-demand media, including TV, movies, music and pictures."
"@%systemroot%\system32\unregmp2.exe,-155"="Play digital media including music, videos, CDs, and DVDs."
"@%systemroot%\system32\recdisc.exe,-2001"="Creates a disc you can use to access system recovery options."


-= EOF =-
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-03-2012, 03:16 PM   #115
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



The good/bad news is that I see all the related Windows Update services being called. This is 'bad' because it means I'm out of ideas and I'd like for you to try a Repair install.

Problem is, we upgraded to SP1 and your install disk is not. If you try to do a repair or 'in place upgrade' (as it is referred to in Win7), it will give you an error message about newer version installed, than what is on disc.

What we can do is uninstall Service Pack 1 via command prompt. Click Start>Accessories>Command Prompt. Right click the Command Prompt to run as Administrator.

Type in the following and press Enter:

wusa.exe /uninstall /kb:976932

(there is a space after wusa.exe and another space after /uninstall

If that completed successfully, then follow these step by step instructions for performing a repair install for Windows 7 Repair Install - Windows 7
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-05-2012, 01:15 PM   #116
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



I'm sorry I didn't get back to you sooner. The past couple days have been busy. I hope you had a lovely Independence Day!

If I run the Repair Install, will that do anything to my files? I'm about to uninstall the service pack.
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-05-2012, 01:19 PM   #117
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Had a great Holiday, thanks.

The 'in place upgrade' should preserve your files. Read through and follow that link step by step and you'll see.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 07-05-2012, 01:34 PM   #118
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Okay. I'm still waiting for the uninstall to finish. It's going very slow.
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-05-2012, 02:01 PM   #119
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Well, it didn't uninstall. It says: Installer encountered an error: 0x80073712 The component store has been corrupted.
__________________
TabbyCat725 is offline   Reply With Quote
Old 07-05-2012, 02:09 PM   #120
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Please run dds.scr (the tool you ran when you first started this thread) and post only the Attach.txt for me.

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Laptop bag size
I couldn't find anywhere else to ask this than here in the laptop section. So here i go. I am going to buy myself a laptop and a laptop bag, i stand between two laptops so far: Toshiba Satellite C660-14X 15.6" HD Have 38.1 cm width, 25.4 cm depth, 3.6 cm height Toshiba Satellite L650D-155...
Strauts Laptop Support 2 08-01-2011 10:50 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 04:40 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts