samhfoley
asked on
Explorer.exe crashes....I am having deja vu
I am having an issue with msiupdater.exe, I think that's the root of this. Not sure. My Trend Micro scanner is stalling out at 75% and whenever I try to access C/windows, explorer.exe crashes and I have to restart it via task mgr. I have included a HijackThis log. Let me know if you have any suggestions. Thanks.
Running Windows Vista Ultimate
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:05 PM, on 1/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Proxure\MCE Tunes Pro\ProxureQTHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Utorrent\utorrent.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam\Qcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [svchosts] C:\Windows\system32\svchosts.exe
O4 - HKLM\..\Run: [GroupManager] C:\Windows\msiUpdate.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRLFus.dll,#1
O4 - HKLM\..\RunOnce: [MCE Tunes Extender Support] "C:\Program Files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}: NameServer = 192.168.3.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Transcoding and Broadcast Service (Transcode360) - Unknown owner - C:\Program Files\Transcode360\Transcode360.exe
--
End of file - 11983 bytes
ASKER
No installation media available. Running Sysinternals; here's the log file from "EVERYTHING". If you want another log, let me know.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\Windows\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AdobeCS4ServiceManager Adobe CS4 Service Manager Adobe Systems Incorporated c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe
+ AppleSyncNotifier AppleSyncNotifier Apple Inc. c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
+ GroupManager c:\windows\msiupdate.exe
+ iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.exe
+ JMB36X IDE Setup c:\windows\raidtool\xinside.exe
+ LogitechCommunicationsManager Communications Manager Logicool Co., Ltd c:\program files\common files\logishrd\lcommgr\communications_helper.exe
+ LogitechQuickCamRibbon Camera Software Logicool Co., Ltd c:\program files\logicool\qcam\qcam.exe
+ MSServer c:\windows\system32\ssqrlfus.dll
+ NBKeyScan File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
+ QuickTime Task QuickTime Task Apple Inc. c:\program files\quicktime\qttask.exe
+ SoundMAXPnP SMax4PNP Analog Devices, Inc. c:\program files\analog devices\core\smax4pnp.exe
+ SoundTray SoundTray.exe Sonic Focus, Inc. c:\program files\analog devices\soundmax\soundtray.exe
+ StartCCC Catalyst® Control Center Launcher Advanced Micro Devices, Inc. c:\program files\ati technologies\ati.ace\core-static\clistart.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe
+ svchosts c:\windows\system32\svchosts.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ UfSeAgnt.exe Trend Micro Server Agent Trend Micro Inc. c:\program files\trend micro\internet security\ufseagnt.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ MCE Tunes Extender Support LaunchExtenderSupport Module c:\program files\proxure\mce tunes pro\launchextendersupport.exe
C:\Users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
+ Stardock ObjectDock.lnk ObjectDock Plus Stardock c:\program files\stardock\objectdock\objectdock.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ehTray.exe Media Center Tray Applet Microsoft Corporation c:\windows\ehome\ehtray.exe
+ IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} File not found: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
+ OE Trend Micro Anti-Spam Toolbar Trend Micro Inc. c:\program files\trend micro\internet security\tmas_oe\tmas_oemon.exe
+ Sidebar Windows Sidebar Microsoft Corporation c:\program files\windows sidebar\sidebar.exe
+ Steam Steam Valve Corporation c:\program files\steam\steam.exe
+ WMPNSCFG Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation c:\program files\windows media player\wmpnscfg.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ text/xml Microsoft Office XML MIME Filter Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoxmlmf.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ ms-help Microsoft® Help Data Services Module Microsoft Corporation c:\program files\common files\microsoft shared\help\hxds.dll
+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll
+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
+ tmtb Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll
+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ LightScribe Control Panel Hewlett-Packard Company c:\program files\common files\lightscribe\lsrunonce.exe
+ Microsoft Windows Mail 7 Windows Mail Microsoft Corporation c:\program files\windows mail\winmail.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregmp2.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregmp2.exe
+ n/a c:\windows\system32\svchosts.exe
+ n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\windows\system32\mscories.dll
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Ultimate Extras Ultimate Extras Helper Utility Microsoft Corporation c:\windows\system32\soundschemes.exe
+ Windows Ultimate Extras Ultimate Extras Helper Utility Microsoft Corporation c:\windows\system32\soundschemes2.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Windows DreamScene Microsoft Windows Vista Ultimate Extra: Windows DreamScene Microsoft Corporation c:\windows\system32\dreamscene.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ 0aMCPClient Stardock MCP API Dll Stardock c:\program files\common files\stardock\mcpcore.dll
+ IconPackager Repair IconPackager Repair Module Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\iprepair.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ssqrlfus.dll c:\windows\system32\ssqrlfus.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ BriefcaseMenu Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ Cover Designer Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ EPPShellEx SEIKO EPSON CORPORATION c:\program files\epson\creativity suite\easy photo print\eppshell.dll
+ IconPackager IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ moveonboot_delete GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\gipo@moveonboot\mboot.dll
+ Open With Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Open With EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Start Menu Pin Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ Client Side Caching UI Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ CopyAsPathMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Send To Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ HardLinkShlExt GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\gipo@moveonboot\mboot.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ DfsShell Class Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Folder Customization Tab Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ GiPoPPShellEx GiPo@Utilities Shell (Property Page) Gibin Software House (http://www.gibinsoft.net) c:\program files\common files\gibinsoft shared\gu_shell.dll
+ MyFolder menu and properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Security Shell Extension Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ FileSystem Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Nokia Phone Browser Nokia c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ BriefcaseMenu Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
+ DreamScene Microsoft Windows Vista Ultimate Extra: Windows DreamScene Microsoft Corporation c:\windows\system32\dreamscene.dll
+ New Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
HKLM\Software\Microsoft\Wi ndows\Curr entVersion \Shell Extensions\Approved
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse ui.dll
+ &Links Internet Explorer Microsoft Corporation c:\windows\system32\iefram e.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabvie w.dll
+ .contact shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ .cpl, .dll, .exe, .ocx, .rll or .sys files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ .fon, .otf, .ttc or .ttf files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ .group shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occach e.dll
+ Add New Hardware Add Hardware Wizard Microsoft Corporation c:\windows\system32\hdwwiz .exe
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse ui.dll
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv w.dll
+ Alphabetical Categorizer Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ Audio Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediam etadatahan dler.dll
+ AutoPlay Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv w.dll
+ Backup and Restore Center Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv w.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse ui.dll
+ BitLocker Drive Encryption CPL Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv w.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui .dll
+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\core- static\ati acmxx.dll
+ Client application shell extension Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ Client Side Cache Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp. dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webche ck.dll
+ Color Control Panel Applet Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorc pl.exe
+ Command Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ Common Places Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv w.dll
+ Compatibility Property Page Compatibility Tab Shell Extension Library Microsoft Corporation c:\windows\system32\acppag e.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld r.dll
+ Compressed (zipped) Folder Context Menu Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld r.dll
+ Compressed (zipped) Folder Drop Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld r.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld r.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld r.dll
+ Computers and Devices Network Explorer Microsoft Corporation c:\windows\system32\networ kexplorer. dll
+ contact_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Control Panel Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3 2.dll
+ Control Panel command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\contro l.exe
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\crypte xt.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\crypte xt.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Default Programs command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\control.exe
+ Desktop Shortcut Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Device Manager Device Manager MMC Snapin Microsoft Corporation c:\windows\system32\devmgr.dll
+ DfsShell.DfsShell Property Sheet Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ DropTarget Object for Photo Printing Wizard Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Ease of Access Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ EMDFileProperties ReadyBoost Service Microsoft Corporation c:\windows\system32\emdmgmt.dll
+ Execute Folder ExplorerFrame Microsoft Corporation c:\windows\system32\explorerframe.dll
+ Explorer Browser Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Explorer Navigation Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Explorer Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Explorer Travel Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll
+ File Backup Index Microsoft® Windows Backup Shell Extension Microsoft Corporation c:\windows\system32\sdshext.dll
+ File Open Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ File Save Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ Folder Options Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ For &People... Find People Microsoft Corporation c:\program files\windows mail\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ Games Folder Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ GameUX.RichGameMediaThumbnail Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ Get Programs Online Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ group_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ History Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ HTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ ICC Profile Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Monitor Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Printer Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ ICM Scanner Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorui.dll
+ IconPackager Context Menu IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ IconPackager Icon Handler IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ IE AutoComplete Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE BandProxy Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Custom MRU AutoCompleted List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Fade Task Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE IShellFolderBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Desk Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Menu Site Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft BrowserBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft History AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE MRU AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Navigation Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Registry Tree Options Utility Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE RSS Feeder Folder Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Search Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Band Site Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Shell Rebar BandSite Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE Tracking Shell Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IE User Assist Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IGD Property Sheet Handler Internet Gateway Device properties Microsoft Corporation c:\windows\system32\icsigd.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Install New Programs Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Installed Updates Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ InternetShortcut Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ IPropertyStore Handler for Images Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ iSCSI Initiator Microsoft iSCSI Initiator Configuration Tool Microsoft Corporation c:\windows\system32\iscsicpl.exe
+ iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ Layout Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Mail Service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Manage Wireless Networks Wireless Preferred Networks Microsoft Corporation c:\windows\system32\wlanpref.dll
+ MAPI Search Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Breadcrumb Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft CommBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler 2007 Microsoft Office component Microsoft Corporation c:\program files\microsoft office\office12\msohevi.dll
+ Microsoft Office Metadata Handler Microsoft Office Shell Extension Handlers Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office12\olkfstub.dll
+ Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Microsoft Corporation c:\program files\microsoft office\office12\mlshext.dll
+ Microsoft Office Thumbnail Handler Microsoft Office Shell Extension Handlers Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Power Options Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Web Browser Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Microsoft Windows Font File Context Menu Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font File Icon Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font Folder Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Font Previewer Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Microsoft Windows MAPI Preview Handler MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.dll
+ Microsoft Windows RTF Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Microsoft XPS Properties Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshhdr.dll
+ Microsoft XPS Thumbnail Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshhdr.dll
+ Microsoft.ScannersAndCameras Imaging Devices Control Panel Microsoft Corporation c:\program files\windows photo gallery\imagingdevices.exe
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ Mobility Center Control Panel Windows Mobility Center Microsoft Corporation c:\windows\system32\mblctr.exe
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ MSHTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocuments menu and properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyFolder Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ NeroCoverEd Live Icons Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ nethood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Network and Sharing Center Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Explorer Property Sheet Handler Advanced network device properties Microsoft Corporation c:\windows\system32\ncdprop.dll
+ Network Map Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ New Shortcut Wizard Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ New Shortcut Wizard Modal Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Nokia Phone Browser Phone Browser Nokia c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Office Document Property Handler Microsoft Property System Microsoft Corporation c:\windows\system32\propsys.dll
+ Offline Files Context Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Icon Overlay Handler Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Property Sheet Extension Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ OlePrn.PrinterURL Oleprn DLL Microsoft Corporation c:\windows\system32\oleprn.dll
+ Parental Controls Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Performance Information and Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Personalization CPL Provider Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Photo Thumbnail Extractor Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ Photo Thumbnail Provider Photo Metadata Handler Microsoft Corporation c:\windows\system32\photometadatahandler.dll
+ PhotoAcqDropTarget Photo Acquisition Microsoft Corporation c:\program files\windows photo gallery\photoacq.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ Portable Devices Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Devices Menu Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Print Ordering via the Web Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ printhood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Problem Reports and Solutions Problem Reports and Solutions Microsoft Corporation c:\windows\system32\wercon.exe
+ Programs and Features Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Programs Folder and Fast Items Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Property Labels Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Public Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ RichGameMediaPropertyStore Class Games Explorer Microsoft Corporation c:\windows\system32\gameux.dll
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Search Control Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Search Execute Command ExplorerFrame Microsoft Corporation c:\windows\system32\explorerframe.dll
+ Search Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Folders Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Set User Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft (R) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Icon Handler for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim.dll
+ Shell Message Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetcomm.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ ShellLink for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim.dll
+ Shortcut Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Show Desktop Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Speech Recognition Options Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Start Menu OEM Command Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Sync Center Conflict Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Conflict Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Conflict Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Device Notification Sink Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Event Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Handler Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Item Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Center Simple Conflict Presenter Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Results Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Results Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Setup Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ Sync Setup Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\synccenter.dll
+ System Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Tablet PC Input Panel Microsoft Tablet Input Band Microsoft Corporation c:\program files\common files\microsoft shared\ink\tipband.dll
+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ The Internet Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ Touch Band Microsoft Tablet PC Touch Input Component Microsoft Corporation c:\windows\system32\touchx.dll
+ Tree property value folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ User Accounts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ User Accounts Advanced User Accounts Control Panel Microsoft Corporation c:\windows\system32\netplwiz.exe
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ users files delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ VBPropSheet VBProp Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\vbprop.dll
+ Video Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediametadatahandler.dll
+ Video Thumbnail Extractor Media Metadata Handler Microsoft Corporation c:\windows\system32\mediametadatahandler.dll
+ View Available Networks View Available Networks Microsoft Corporation c:\windows\system32\van.dll
+ Web Printer Shell Extension Printer Settings User Interface Microsoft Corporation c:\windows\system32\printui.dll
+ Web Publishing Wizard Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebsvc.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Welcome Center Welcome Center Microsoft Corporation c:\windows\system32\oobefldr.dll
+ Window Switcher Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Window TXT Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Windows Contact Preview Handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Windows Defender Windows Defender User Interface Microsoft Corporation c:\program files\windows defender\msascui.exe
+ Windows Defender IOfficeAntiVirus implementation IOfficeAntiVirus Module Microsoft Corporation c:\program files\windows defender\mpoav.dll
+ Windows Features Windows Features Microsoft Corporation c:\windows\system32\optionalfeatures.exe
+ Windows Firewall Windows Firewall Control Panel Microsoft Corporation c:\windows\system32\firewallcontrolpanel.exe
+ Windows gadget DropTarget Sidebar droptarget Microsoft Corporation c:\program files\windows sidebar\sbdrop.dll
+ Windows Media Player Windows Media Player Deskband Microsoft Corporation c:\program files\windows media player\wmpband.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Shop Music Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Photo Gallery Viewer Image Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Photo Gallery Viewer Video Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Sidebar Properties Windows Sidebar Microsoft Corporation c:\program files\windows sidebar\sidebar.exe
+ Windows SideShow Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Windows Ultimate Extras Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Windows Update Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ WPL property store Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
+ Java(tm) Plug-In 2 SSV Helper Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ Java(tm) Plug-In SSV Helper Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\ssv.dll
+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
+ TSToolbarBHO Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
+ TSToolbarBHO File not found: C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
+ {5BE92300-3F82-4DE0-8813-86017B4228C6} c:\windows\system32\gebyaqpm.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ TransactionProtector File not found: C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
+ Trend Micro Toolbar Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ \Ad-Aware Update (Daily) File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
+ \Apple\AppleSoftwareUpdate Apple Software Update Apple Inc. c:\program files\apple software update\softwareupdate.exe
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) Windows Rights Management client Microsoft Corporation c:\windows\system32\msdrm.dll
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) Windows Rights Management client Microsoft Corporation c:\windows\system32\msdrm.dll
+ \Microsoft\Windows\Bluetooth\UninstallDeviceTask Bluetooth Uninstall Device Task Microsoft Corporation c:\windows\system32\bthudtask.exe
+ \Microsoft\Windows\CertificateServicesClient\SystemTask DIMS Job DLL Microsoft Corporation c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\CertificateServicesClient\UserTask DIMS Job DLL Microsoft Corporation c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam DIMS Job DLL Microsoft Corporation c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator Windows SQM Consolidator Microsoft Corporation c:\windows\system32\wsqmcons.exe
+ \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification Windows SQM Consolidator Microsoft Corporation c:\windows\system32\wsqmcons.exe
+ \Microsoft\Windows\Defrag\ManualDefrag Disk Defragmenter Module Microsoft Corp. c:\windows\system32\defrag.exe
+ \Microsoft\Windows\Defrag\ScheduledDefrag Disk Defragmenter Module Microsoft Corp. c:\windows\system32\defrag.exe
+ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver Windows Disk Diagnostic User Resolver Microsoft Corporation c:\windows\system32\dfdwiz.exe
+ \Microsoft\Windows\Media Center\ehDRMInit Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\mcupdate Windows Media Center Store Update Manager Microsoft Corporation c:\windows\ehome\mcupdate.exe
+ \Microsoft\Windows\Media Center\OCURActivate Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\OCURDiscovery Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\UpdateRecordPath Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\MobilePC\HotStart Microsoft Windows HotStart User Agent Microsoft Corporation c:\windows\system32\hotstartuseragent.dll
+ \Microsoft\Windows\MobilePC\TMM Microsoft Transient Multi-Monitor Manager Microsoft Corporation c:\windows\system32\tmm.dll
+ \Microsoft\Windows\MUI\LPRemove MUI Language pack cleanup Microsoft Corporation c:\windows\system32\lpremove.exe
+ \Microsoft\Windows\MUI\Mcbuilder Resource cache builder tool Microsoft Corporation c:\windows\system32\mcbuilder.exe
+ \Microsoft\Windows\Multimedia\SystemSoundsService PlaySound Service Microsoft Corporation c:\windows\system32\playsndsrv.dll
+ \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Quarantine Agent Proxy Microsoft Corporation c:\windows\system32\qagent.dll
+ \Microsoft\Windows\PLA\System\ConvertLogEntries Performance Logs & Alerts Microsoft Corporation c:\windows\system32\pla.dll
+ \Microsoft\Windows\RAC\RACAgent Reliability analysis metrics calculation executable Microsoft Corporation c:\windows\system32\racagent.exe
+ \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask Windows Remote Assistance COM Server Microsoft Corporation c:\windows\system32\raserver.exe
+ \Microsoft\Windows\Shell\CrawlStartPages Indexing Options Microsoft Corporation c:\windows\system32\srchadmin.dll
+ \Microsoft\Windows\SideShow\AutoWake Microsoft Windows SideShow services Microsoft Corporation c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\GadgetManager Microsoft Windows SideShow services Microsoft Corporation c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\SessionAgent Microsoft Windows SideShow services Microsoft Corporation c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\SystemDataProviders Microsoft Windows SideShow services Microsoft Corporation c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SystemRestore\SR Microsoft® Windows System Protection Configuration Library Microsoft Corporation c:\windows\system32\srrstr.dll
+ \Microsoft\Windows\Tcpip\IpAddressConflict1 Network Diagnostic Framework Client API Microsoft Corporation c:\windows\system32\ndfapi.dll
+ \Microsoft\Windows\Tcpip\IpAddressConflict2 Network Diagnostic Framework Client API Microsoft Corporation c:\windows\system32\ndfapi.dll
+ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor MsCtfMonitor DLL Microsoft Corporation c:\windows\system32\msctfmonitor.dll
+ \Microsoft\Windows\UPnP\UPnPHostConfig A tool to aid in developing services for WindowsNT Microsoft Corporation c:\windows\system32\sc.exe
+ \Microsoft\Windows\WDI\ResolutionHost Windows Diagnostic Infrastructure Microsoft Corporation c:\windows\system32\wdi.dll
+ \Microsoft\Windows\Windows Error Reporting\QueueReporting Windows Problem Reporting Microsoft Corporation c:\windows\system32\wermgr.exe
+ \Microsoft\Windows\Wired\GatherWiredInfo c:\windows\system32\gatherwiredinfo.vbs
+ \Microsoft\Windows\Wireless\GatherWirelessInfo c:\windows\system32\gatherwirelessinfo.vbs
+ \RtlVistaStart File not found: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
+ \User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0} Microsoft Feeds Synchronization Microsoft Corporation c:\windows\system32\msfeedssync.exe
+ \{9B144388-B252-441F-9357-074DB86B4194} Program Compatibility Assistant Microsoft Corporation c:\windows\system32\pcalua.exe
+ \{CA75283D-473D-4550-8B6A-D4CB304F497E} Program Compatibility Assistant Microsoft Corporation c:\windows\system32\pcalua.exe
HKLM\System\CurrentControlSet\Services
+ AEADIFilters Andrea filters APO access service (32-bit) Andrea Electronics Corporation c:\windows\system32\aeadisrv.exe
+ AeLookupSvc Processes application compatibility cache requests for applications as they are launched Microsoft Corporation c:\windows\system32\aelupsvc.dll
+ Apple Mobile Device Provides the interface to Apple mobile devices. Apple Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ Ati External Event Utility ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
+ AudioEndpointBuilder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audiosrv.dll
+ Audiosrv Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audiosrv.dll
+ BFE The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Microsoft Corporation c:\windows\system32\bfe.dll
+ BITS Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Microsoft Corporation c:\windows\system32\qmgr.dll
+ Bonjour Service Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start. Apple Inc. c:\program files\bonjour\mdnsresponder.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\browser.dll
+ CryptSvc Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\cryptsvc.dll
+ CscService The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. Microsoft Corporation c:\windows\system32\cscsvc.dll
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\rpcss.dll
+ Dhcp Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dhcpcsvc.dll
+ Dnscache The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dnsrslvr.dll
+ DPS The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dps.dll
+ ehstart Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center. Microsoft Corporation c:\windows\ehome\ehstart.dll
+ EMDMgmt Provides support for improving system performance using ReadyBoost. Microsoft Corporation c:\windows\system32\emdmgmt.dll
+ Eventlog This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Microsoft Corporation c:\windows\system32\wevtsvc.dll
+ EventSystem Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\es.dll
+ FDResPub Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Microsoft Corporation c:\windows\system32\fdrespub.dll
+ gpsvc The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Microsoft Corporation c:\windows\system32\gpsvc.dll
+ gusvc gusvc Google c:\program files\google\common\google updater\googleupdaterservice.exe
+ hidserv Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\hidserv.dll
+ IKEEXT The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Microsoft Corporation c:\windows\system32\ikeext.dll
+ iPAHelper.exe iPod Access Helper Module c:\program files\ipod access for windows\ipahelper.exe
+ IPBusEnum The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Microsoft Corporation c:\windows\system32\ipbusenum.dll
+ iphlpsvc Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. Microsoft Corporation c:\windows\system32\iphlpsvc.dll
+ KtmRm Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM). Microsoft Corporation c:\windows\system32\msdtckrm.dll
+ LanmanServer Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\srvsvc.dll
+ LanmanWorkstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc.dll
+ LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe
+ lmhosts Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\lmhsvc.dll
+ LVCOMSer Logitech Video COM Service Logicool Co., Ltd c:\program files\common files\logishrd\lvcomser\lvcomser.exe
+ LVPrcSrv Injector service Logicool Co., Ltd c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
+ Mcx2Svc Allows Windows Media Center Extender devices to locate and connect to the computer. Microsoft Corporation c:\windows\system32\mcx2svc.dll
+ MMCSS Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Microsoft Corporation c:\windows\system32\mmcss.dll
+ MpsSvc Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Microsoft Corporation c:\windows\system32\mpssvc.dll
+ MSSQL$MYMOVIES Provides storage, processing and controlled access of data and rapid transaction processing. Microsoft Corporation c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
+ Nero BackItUp Scheduler 4.0 Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. Nero AG c:\program files\common files\nero\nero backitup 4\nbservice.exe
+ netprofm Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Microsoft Corporation c:\windows\system32\netprofm.dll
+ NlaSvc Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\nlasvc.dll
+ NoIPDUCService No-IP.com DUC Vitalwerks LLC c:\program files\no-ip\duc20.exe
+ nsi This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Microsoft Corporation c:\windows\system32\nsisvc.dll
+ PcaSvc Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start. Microsoft Corporation c:\windows\system32\pcasvc.dll
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\umpnpmgr.dll
+ PolicyAgent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Microsoft Corporation c:\windows\system32\ipsecsvc.dll
+ ProfSvc This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them. Microsoft Corporation c:\windows\system32\profsvc.dll
+ ProtexisLicensing Protexis Licensing Service c:\windows\system32\psiservice.exe
+ RoxLiveShare10 Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9. File not found: C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
+ RpcSs Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly. Microsoft Corporation c:\windows\system32\rpcss.dll
+ SamSs The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\schedsvc.dll
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\seclogon.dll
+ Security Activity Dashboard Service Security Activity Dashboard Service Description Trend Micro Inc. c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe
+ SENS Monitors system events and notifies subscribers to COM+ Event System of these events. Microsoft Corporation c:\windows\system32\sens.dll
+ SessionLauncher Sonic File not found: C:\Users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe
+ SfCtlCom Manages all components of Trend Micro Internet Security. Trend Micro Inc. c:\program files\trend micro\internet security\sfctlcom.exe
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\ipnathlp.dll
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ SlingAgentService Enables Clip + Sling functionality for SlingPlayer(v0.9.0.136) Sling Media Inc. c:\program files\sling media\slingagent\slingagentservice.exe
+ slsvc Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode. Microsoft Corporation c:\windows\system32\slsvc.exe
+ Spooler Loads files to memory for later printing Microsoft Corporation c:\windows\system32\spoolsv.exe
+ SQLBrowser Provides SQL Server connection information to client computers. Microsoft Corporation c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
+ SQLWriter Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure. Microsoft Corporation c:\program files\microsoft sql server\90\shared\sqlwriter.exe
+ STacSV Manages audio jack configurations. IDT, Inc. c:\windows\system32\stacsv.exe
+ stisvc Provides image acquisition services for scanners and cameras Microsoft Corporation c:\windows\system32\wiaservc.dll
+ SysMain Maintains and improves system performance over time. Microsoft Corporation c:\windows\system32\sysmain.dll
+ TabletInputService Enables Tablet PC pen and ink functionality Microsoft Corporation c:\windows\system32\tabsvc.dll
+ TBS Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Microsoft Corporation c:\windows\system32\tbssvc.dll
+ TermService Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. Microsoft Corporation c:\windows\system32\termsrv.dll
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs.dll
+ TMBMServer Manages the Trend Micro unauthorized change prevention feature Trend Micro Inc. c:\program files\trend micro\bm\tmbmsrv.exe
+ TmPfw Manages the Trend Micro Personal Firewall. Trend Micro Inc. c:\program files\trend micro\internet security\tmpfw.exe
+ TmProxy Manages the Trend Micro Proxy. Trend Micro Inc. c:\program files\trend micro\internet security\tmproxy.exe
+ Transcode360 Provides transcoding and streaming services. c:\program files\transcode360\transcode360.exe
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network. Microsoft Corporation c:\windows\system32\trkwks.dll
+ UxSms Provides Desktop Window Manager startup and maintenance services Microsoft Corporation c:\windows\system32\uxsms.dll
+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32time.dll
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webclnt.dll
+ WerSvc Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Microsoft Corporation c:\windows\system32\wersvc.dll
+ WinDefend Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions. Microsoft Corporation c:\program files\windows defender\mpsvc.dll
+ Winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\wmisvc.dll
+ Wlansvc This service enumerates WLAN adapters, manages WLAN connections and profiles. Microsoft Corporation c:\windows\system32\wlansvc.dll
+ WPDBusEnum Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Microsoft Corporation c:\windows\system32\wpdbusenum.dll
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\wscsvc.dll
+ WSearch Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search. Microsoft Corporation c:\windows\system32\searchindexer.exe
+ wuauserv Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Microsoft Corporation c:\windows\system32\wuaueng.dll
+ wudfsvc Manages user-mode driver host processes Microsoft Corporation c:\windows\system32\wudfsvc.dll
HKLM\System\CurrentControlSet\Services
+ a91xa9o2 ATAPI IDE Miniport Driver Microsoft Corporation c:\windows\system32\drivers\a91xa9o2.sys
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ ADIHdAudAddService High Definition Audio Function Driver Analog Devices, Inc. c:\windows\system32\drivers\adihdaud.sys
+ AFD Ancilliary Function Driver for Winsock Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys
+ amdagp AMD NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\amdagp.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi ATAPI IDE Miniport Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ atikmdag ATI Radeon Kernel Mode Driver ATI Technologies Inc. c:\windows\system32\drivers\atikmdag.sys
+ Beep BEEP Driver Microsoft Corporation c:\windows\system32\drivers\beep.sys
+ bowser Implements the datagram receiver for the computer browser browser service. Microsoft Corporation c:\windows\system32\drivers\bowser.sys
+ BrFiltLo Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltlo.sys
+ BrFiltUp Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltup.sys
+ BrUsbSer Brother USB Serial Driver Brother Industries Ltd. c:\windows\system32\drivers\brusbser.sys
+ BUFADPT BUFFALO Wireless Network Adapter Manager BUFFALO INC. c:\windows\system32\bufadpt.sys
+ c2scsi Roxio virtual SCSI miniport Sonic Solutions c:\windows\system32\drivers\c2scsi.sys
+ catchme File not found: C:\ComboFix\catchme.sys
+ cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ CLFS Common Log (CLFS) Microsoft Corporation c:\windows\system32\clfs.sys
+ crcdisk Disk Block Verification Filter Driver Microsoft Corporation c:\windows\system32\drivers\crcdisk.sys
+ CSC Allows network files to be used while the local computer is offline. Microsoft Corporation c:\windows\system32\drivers\csc.sys
+ DfsC Client driver for access to DFS Namespaces Microsoft Corporation c:\windows\system32\drivers\dfsc.sys
+ disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ DXGKrnl Controls the underlying video driver stacks to provide fully-featured display capabilities. Microsoft Corporation c:\windows\system32\drivers\dxgkrnl.sys
+ E1G60 Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation c:\windows\system32\drivers\e1g60i32.sys
+ Ecache ReadyBoost Caching Driver Microsoft Corporation c:\windows\system32\drivers\ecache.sys
+ exfat exFAT File System Driver Microsoft Corporation c:\windows\system32\drivers\exfat.sys
+ fastfat Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces) Microsoft Corporation c:\windows\system32\drivers\fastfat.sys
+ fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ FileInfo Collects information about files in memory to be consumed by other system services. Microsoft Corporation c:\windows\system32\drivers\fileinfo.sys
+ Filetrace ETW File Trace Filter Microsoft Corporation c:\windows\system32\drivers\filetrace.sys
+ flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\drivers\fltmgr.sys
+ fvevol Bitlocker Drive Encryption Filter Driver Microsoft Corporation c:\windows\system32\drivers\fvevol.sys
+ gagp30kx MS Generic AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\drivers\gagp30kx.sys
+ GEARAspiWDM CD DVD Filter GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ HabuFltr Diamondback USB Optical Mouse Driver Razer (Asia-Pacific) Pte Ltd c:\windows\system32\drivers\habu.sys
+ HdAudAddService High Definition Audio Function Driver Microsoft Corporation c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver Microsoft Corporation c:\windows\system32\drivers\hdaudbus.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ IPNAT IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IRENUM IR Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ iScsiPrt Microsoft iSCSI Initiator Driver Microsoft Corporation c:\windows\system32\drivers\msiscsi.sys
+ JGOGO SCSI Port upper filter driver JMicron c:\windows\system32\drivers\jgogo.sys
+ JRAID JMicron JMB36X RAID Driver JMicron Technology Corp. c:\windows\system32\drivers\jraid.sys
+ kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kbdhid HID Keyboard Filter Driver Microsoft Corporation c:\windows\system32\drivers\kbdhid.sys
+ KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\drivers\ksecdd.sys
+ lltdio Link-Layer Topology Mapper I/O Driver Microsoft Corporation c:\windows\system32\drivers\lltdio.sys
+ luafv Virtualizes file write failures to per-user locations. Microsoft Corporation c:\windows\system32\drivers\luafv.sys
+ lvpopflt Logitech AudioProcessing Filter Driver Logitech Inc. c:\windows\system32\drivers\lvpopflt.sys
+ LVPr2Mon Logitech ProcMon Driver Logicool Co., Ltd c:\windows\system32\drivers\lvpr2mon.sys
+ LVRS Logitech Kernel Audio Improvement Filter Driver Logitech Inc. c:\windows\system32\drivers\lvrs.sys
+ LVUSBSta USB Statistic Driver Logitech Inc. c:\windows\system32\drivers\lvusbsta.sys
+ LVUVC Logitech USB Video Class Driver Logitech Inc. c:\windows\system32\drivers\lvuvc.sys
+ Modem Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\modem.sys
+ monitor Monitor Driver Microsoft Corporation c:\windows\system32\drivers\monitor.sys
+ mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ MountMgr Driver responsible with maintaining persistent drive letters and names for volumes Microsoft Corporation c:\windows\system32\drivers\mountmgr.sys
+ mpsdrv Windows Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic. Microsoft Corporation c:\windows\system32\drivers\mpsdrv.sys
+ MRxDAV WebDav Client Redirector Driver Microsoft Corporation c:\windows\system32\drivers\mrxdav.sys
+ mrxsmb Implements the framework for the SMB filesystem redirector Microsoft Corporation c:\windows\system32\drivers\mrxsmb.sys
+ mrxsmb10 Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers Microsoft Corporation c:\windows\system32\drivers\mrxsmb10.sys
+ mrxsmb20 Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers Microsoft Corporation c:\windows\system32\drivers\mrxsmb20.sys
+ Msfs Mailslot driver Microsoft Corporation c:\windows\system32\drivers\msfs.sys
+ msisadrv ISA Driver Microsoft Corporation c:\windows\system32\drivers\msisadrv.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ MsRPC Kernel Remote Procedure Call Provider Microsoft Corporation c:\windows\system32\drivers\msrpc.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ Mup Multiple UNC Provider Microsoft Corporation c:\windows\system32\drivers\mup.sys
+ NativeWifiP NativeWiFi Miniport Driver Microsoft Corporation c:\windows\system32\drivers\nwifi.sys
+ NDIS NDIS System Driver Microsoft Corporation c:\windows\system32\drivers\ndis.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS User mode I/O driver Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NDProxy NDIS Proxy Microsoft Corporation c:\windows\system32\drivers\ndproxy.sys
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\drivers\netbios.sys
+ netbt This service implements NetBios over TCP/IP. Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ nmwcd Nokia USB Phone Bus Driver Nokia c:\windows\system32\drivers\ccdcmb.sys
+ nmwcdc Nokia USB Phone Bus Driver Nokia c:\windows\system32\drivers\ccdcmbo.sys
+ Npfs NPFS Driver Microsoft Corporation c:\windows\system32\driver s\npfs.sys
+ nsiproxy NSI proxy service Microsoft Corporation c:\windows\system32\driver s\nsiproxy .sys
+ Ntfs NT File System Driver Microsoft Corporation c:\windows\system32\driver s\ntfs.sys
+ Null NULL Driver Microsoft Corporation c:\windows\system32\driver s\null.sys
+ nv_agp NForce NT AGP Filter Microsoft Corporation c:\windows\system32\driver s\nv_agp.s ys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt. sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd. sys
+ OemBiosDevice Release Build v1.00 PARADOX c:\windows\system32\drivers\royal.sys
+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys
+ partmgr Disk class filter driver that auctions out partitions to volume managers Microsoft Corporation c:\windows\system32\drivers\partmgr.sys
+ Parvdm VDM Parallel Driver Microsoft Corporation c:\windows\system32\drivers\parvdm.sys
+ pccsmcfd PCCS Mode Change Filter Driver Nokia c:\windows\system32\drivers\pccsmcfd.sys
+ pci NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ pciide Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ pcouffin low level access layer for CD/DVD/BD devices VSO Software c:\windows\system32\drivers\pcouffin.sys
+ PEAUTH Protected Environment Authentication and Authorization Export Driver Microsoft Corporation c:\windows\system32\drivers\peauth.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\pacer.sys
+ Pxrmcet MCETunes mini-filter driver Proxure, Inc. c:\windows\system32\drivers\pxrmcet.sys
+ QWAVEdrv Quality Windows Audio/Video Experience component driver Microsoft Corporation c:\windows\system32\drivers\qwavedrv.sys
+ R300 ATI Radeon Kernel Mode Driver ATI Technologies Inc. c:\windows\system32\drivers\atikmdag.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ RasSstp WAN Miniport (SSTP) Microsoft Corporation c:\windows\system32\drivers\rassstp.sys
+ rdbss Provides the framework for network mini-redirectors Microsoft Corporation c:\windows\system32\drivers\rdbss.sys
+ RDPCDD RDPDD Chained DD Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ RDPENCDD RDP Encoder Mirror Driver Microsoft Corporation c:\windows\system32\drivers\rdpencdd.sys
+ RDPWD RDP Terminal Stack Driver Microsoft Corporation c:\windows\system32\drivers\rdpwd.sys
+ rspndr Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation c:\windows\system32\drivers\rspndr.sys
+ RTL8187 Realtek RTL8187 NDIS Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8187.sys
+ RtlProt Realtke RtlProt WLAN Utility Protocol Driver File not found: system32\DRIVERS\rtlprot.sys
+ secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ Serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ sffp_mmc Small Form Factor MMC Protocol Driver Microsoft Corporation c:\windows\system32\drivers\sffp_mmc.sys
+ sffp_sd Small Form Factor SD Protocol Driver Microsoft Corporation c:\windows\system32\drivers\sffp_sd.sys
+ sisagp SIS NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\sisagp.sys
+ SjyPkt File not found: C:\Windows\System32\Drivers\SjyPkt.sys
+ Smb Microsoft NetbiosSmb Device Driver Microsoft Corporation c:\windows\system32\drivers\smb.sys
+ spldr loader for security processor Microsoft Corporation c:\windows\system32\drivers\spldr.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ srv Server driver Microsoft Corporation c:\windows\system32\drivers\srv.sys
+ srv2 Default SDDL for Windows Resource Protected file Microsoft Corporation c:\windows\system32\drivers\srv2.sys
+ srvnet Server Network driver Microsoft Corporation c:\windows\system32\drivers\srvnet.sys
+ STHDA NDRC IDT, Inc. c:\windows\system32\drivers\stwrt.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ Tcpip6 Microsoft IPv6 Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ tcpipreg Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality. Microsoft Corporation c:\windows\system32\drivers\tcpipreg.sys
+ TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdpipe.sys
+ TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\drivers\tdtcp.sys
+ tdx NetIO Legacy TDI Support Driver Microsoft Corporation c:\windows\system32\drivers\tdx.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ tmactmon Trend Micro Activity Monitor Driver Trend Micro Inc. c:\windows\system32\drivers\tmactmon.sys
+ tmcomm Trend Micro Common Engine Driver Trend Micro Inc. c:\windows\system32\drivers\tmcomm.sys
+ tmevtmgr Trend Micro Event Manager Driver Trend Micro Inc. c:\windows\system32\drivers\tmevtmgr.sys
+ tmlwf Trend Micro NDIS 6.0 Filter Driver Trend Micro Inc. c:\windows\system32\drivers\tmlwf.sys
+ tmpreflt Trend Filter Driver Trend Micro Inc. c:\windows\system32\drivers\tmpreflt.sys
+ tmtdi Trend Micro TDI Driver (i386-fre) Trend Micro Inc. c:\windows\system32\drivers\tmtdi.sys
+ tmwfp Trend Micro WFP Callout Driver Trend Micro Inc. c:\windows\system32\drivers\tmwfp.sys
+ tmxpflt Trend Functionality Driver Trend Micro Inc. c:\windows\system32\drivers\tmxpflt.sys
+ tssecsrv Terminal Services Security Filter Driver Microsoft Corporation c:\windows\system32\drivers\tssecsrv.sys
+ tunmp Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunmp.sys
+ tunnel Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunnel.sys
+ uagp35 MS AGPv3.5 Filter Microsoft Corporation c:\windows\system32\drivers\uagp35.sys
+ uliagpkx ULi AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\drivers\uliagpkx.sys
+ umbus User-Mode Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\umbus.sys
+ UMPass Generic pass-through driver Microsoft Corporation c:\windows\system32\drivers\umpass.sys
+ upperdev Filter Driver for the Toaster Stack Windows (R) Codename Longhorn DDK provider c:\windows\system32\drivers\usbser_lowerflt.sys
+ USBAAPL File not found: System32\Drivers\usbaapl.sys
+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\drivers\usbaudio.sys
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys
+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys
+ usbser USB Modem Driver Microsoft Corporation c:\windows\system32\drivers\usbser.sys
+ UsbserFilt Filter Driver for the Toaster Stack Windows (R) Codename Longhorn DDK provider c:\windows\system32\drivers\usbser_lowerfltj.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ usbvideo USB Video Class Driver Microsoft Corporation c:\windows\system32\drivers\usbvideo.sys
+ vga VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vgapnp.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ viaagp VIA NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\viaagp.sys
+ volmgr Volume Manager Driver Microsoft Corporation c:\windows\system32\drivers\volmgr.sys
+ volmgrx Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks Microsoft Corporation c:\windows\system32\drivers\volmgrx.sys
+ volsnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\drivers\volsnap.sys
+ vsapint Trend Virus ScanEngine Trend Micro Inc. c:\windows\system32\drivers\vsapint.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ Wanarpv6 Remote Access IPv6 ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ Wdf01000 WDF Dynamic Microsoft Corporation c:\windows\system32\drivers\wdf01000.sys
+ WpdUsb WPD USB Driver Microsoft Corporation c:\windows\system32\drivers\wpdusb.sys
+ WUDFRd Windows Driver Foundation - User-mode Driver Framework Reflector Microsoft Corporation c:\windows\system32\drivers\wudfrd.sys
+ yukonwlh Miniport Driver for Marvell Yukon Ethernet Controller. Marvell c:\windows\system32\drivers\yk60x86.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
+ autocheck lsdelete File not found: lsdelete
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ clbcatq COM+ Configuration Catalog Microsoft Corporation c:\windows\system32\clbcatq.dll
+ COMDLG32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ IERTUTIL Run time utility for Internet Explorer Microsoft Corporation c:\windows\system32\iertutil.dll
+ IMAGEHLP Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ IMM32 Multi-User Windows IMM32 API Client DLL Microsoft Corporation c:\windows\system32\imm32.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ LPK Language Pack Microsoft Corporation c:\windows\system32\lpk.dll
+ MSCTF MSCTF Server DLL Microsoft Corporation c:\windows\system32\msctf.dll
+ MSVCRT Windows NT CRT DLL Microsoft Corporation c:\windows\system32\msvcrt.dll
+ NORMALIZ Unicode Normalization DLL Microsoft Corporation c:\windows\system32\normaliz.dll
+ NSI NSI User-mode interface DLL Microsoft Corporation c:\windows\system32\nsi.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ OLEAUT32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ Setupapi Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll
+ SHELL32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SHLWAPI Shell Light-weight Utility Library Microsoft Corporation c:\windows\system32\shlwapi.dll
+ URLMON OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Multi-User Windows USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ USP10 Uniscribe Unicode script processor Microsoft Corporation c:\windows\system32\usp10.dll
+ WININET Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ WLDAP32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
+ WS2_32 Windows Socket 2.0 32-Bit DLL Microsoft Corporation c:\windows\system32\ws2_32.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\Windows\system32\PhotoScreensaver.scr Photos Screen Saver Microsoft Corporation c:\windows\system32\photoscreensaver.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E77E1A7-A7E2-4F57-B225-5709C88BD875}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E77E1A7-A7E2-4F57-B225-5709C88BD875}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A971016-126D-4038-9364-30FA2B98029D}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A971016-126D-4038-9364-30FA2B98029D}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6B9AD0-EC2D-4104-B876-60C9A9F62013}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6B9AD0-EC2D-4104-B876-60C9A9F62013}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D08904-297A-4E50-98FB-E042FB73868C}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D08904-297A-4E50-98FB-E042FB73868C}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D08904-297A-4E50-98FB-E042FB73868C}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D08904-297A-4E50-98FB-E042FB73868C}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP UDP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP UDPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ E-mail Naming Shim Provider E-mail Naming Shim Provider Microsoft Corporation c:\windows\system32\napinsp.dll
+ mdnsNSP Bonjour Namespace Provider Apple Inc. c:\program files\bonjour\mdnsnsp.dll
+ Network Location Awareness Legacy (NLAv1) Namespace Network Location Awareness 2 Microsoft Corporation c:\windows\system32\nlaapi.dll
+ NTDS LDAP RnR Provider DLL Microsoft Corporation c:\windows\system32\winrnr.dll
+ PNRP Cloud Namespace Provider PNRP Name Space Provider Microsoft Corporation c:\windows\system32\pnrpnsp.dll
+ PNRP Name Namespace Provider PNRP Name Space Provider Microsoft Corporation c:\windows\system32\pnrpnsp.dll
+ Tcpip Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ EPSON PX-A650 2KMonitor5J EPSON Bi-directional Monitor SEIKO EPSON CORPORATION c:\windows\system32\e_flmadj.dll
+ EPSON PX-A650 32MonitorBJ EPSON Bi-directional Monitor x86 SEIKO EPSON CORPORATION c:\windows\system32\e_flbadj.dll
+ LIDIL hpzlllhn LanguageMonitor Hewlett-Packard Company c:\windows\system32\hpzlllhn.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
+ WSD Port WSD Printer Port Monitor Microsoft Corporation c:\windows\system32\wsdmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ credssp.dll TS Single Sign On Security Package Microsoft Corporation c:\windows\system32\credssp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\Windows\system32\gebyAqpm c:\windows\system32\gebyaqpm.dll
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll
+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll
+ tspkg Web Service Security Package Microsoft Corporation c:\windows\system32\tspkg.dll
+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ GenericProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ NPProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ PasswordProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ Smartcard Credential Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartcardcredentialprovider.dll
+ Smartcard Pin Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartcardcredentialprovider.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ GenericFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
+ RemoteLogonFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CRasProvider RAS PLAP Credential Provider Microsoft Corporation c:\windows\system32\rasplap.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\windows\system32\ntlanman.dll
+ RDPNP Microsoft Terminal Services Microsoft Corporation c:\windows\system32\drprov.dll
+ webclient Web Client Network Microsoft Corporation c:\windows\system32\davclnt.dll
C:\Users\Vista\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
+ C:\Program Files\Windows Sidebar\Gadgets\NeroDiscCopy.Gadget
+ All CPU Meter The All Cpu Meter will show you all core cpu usage and temperatures. It also displayes all core usage history. AddGadget.com C:\Users\Vista\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All CPU Meter.gadget\Gadget.xml
+ Calendar Browse the days of the calendar. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml
+ Clock Watch the clock in your own time zone or any city in the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml
+ Currency Convert from one currency to another. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\Gadget.xml
+ Notes Capture ideas, notes, and reminders in a quick and easy way. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\Gadget.xml
+ Stocks Monitor your favorite stocks. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gadget\en-US\Gadget.xml
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
HKLM\SOFTWARE\Microsoft\Wi
+ C:\Windows\system32\userin
HKLM\SOFTWARE\Microsoft\Wi
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Wi
+ AdobeCS4ServiceManager Adobe CS4 Service Manager Adobe Systems Incorporated c:\program files\common files\adobe\cs4servicemana
+ AppleSyncNotifier AppleSyncNotifier Apple Inc. c:\program files\common files\apple\mobile device support\bin\applesyncnotif
+ GroupManager c:\windows\msiupdate.exe
+ iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.
+ JMB36X IDE Setup c:\windows\raidtool\xinsid
+ LogitechCommunicationsMana
+ LogitechQuickCamRibbon Camera Software Logicool Co., Ltd c:\program files\logicool\qcam\qcam.e
+ MSServer c:\windows\system32\ssqrlf
+ NBKeyScan File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
+ QuickTime Task QuickTime Task Apple Inc. c:\program files\quicktime\qttask.exe
+ SoundMAXPnP SMax4PNP Analog Devices, Inc. c:\program files\analog devices\core\smax4pnp.exe
+ SoundTray SoundTray.exe Sonic Focus, Inc. c:\program files\analog devices\soundmax\soundtray
+ StartCCC Catalyst® Control Center Launcher Advanced Micro Devices, Inc. c:\program files\ati technologies\ati.ace\core-
+ SunJavaUpdateSched Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusche
+ svchosts c:\windows\system32\svchos
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\reals
+ UfSeAgnt.exe Trend Micro Server Agent Trend Micro Inc. c:\program files\trend micro\internet security\ufseagnt.exe
HKLM\SOFTWARE\Microsoft\Wi
+ MCE Tunes Extender Support LaunchExtenderSupport Module c:\program files\proxure\mce tunes pro\launchextendersupport.
C:\Users\Vista\AppData\Roa
+ Stardock ObjectDock.lnk ObjectDock Plus Stardock c:\program files\stardock\objectdock\
HKCU\Software\Microsoft\Wi
+ ehTray.exe Media Center Tray Applet Microsoft Corporation c:\windows\ehome\ehtray.ex
+ IndxStoreSvr_{79662E04-7C6
+ OE Trend Micro Anti-Spam Toolbar Trend Micro Inc. c:\program files\trend micro\internet security\tmas_oe\tmas_oemo
+ Sidebar Windows Sidebar Microsoft Corporation c:\program files\windows sidebar\sidebar.exe
+ Steam Steam Valve Corporation c:\program files\steam\steam.exe
+ WMPNSCFG Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation c:\program files\windows media player\wmpnscfg.exe
HKLM\SOFTWARE\Classes\Prot
+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscore
+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscore
+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscore
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ text/xml Microsoft Office XML MIME Filter Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoxmlmf.d
HKLM\SOFTWARE\Classes\Prot
+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidc
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.d
+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ mhtml Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetco
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ ms-help Microsoft® Help Data Services Module Microsoft Corporation c:\program files\common files\microsoft shared\help\hxds.dll
+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.d
+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
+ tmtb Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisproto
+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidc
+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
HKLM\SOFTWARE\Microsoft\Ac
+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uin
+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uin
+ LightScribe Control Panel Hewlett-Packard Company c:\program files\common files\lightscribe\lsrunonc
+ Microsoft Windows Mail 7 Windows Mail Microsoft Corporation c:\program files\windows mail\winmail.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregm
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\system32\unregm
+ n/a c:\windows\system32\svchos
+ n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\windows\system32\mscori
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr
+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr
+ Windows Ultimate Extras Ultimate Extras Helper Utility Microsoft Corporation c:\windows\system32\sounds
+ Windows Ultimate Extras Ultimate Extras Helper Utility Microsoft Corporation c:\windows\system32\sounds
HKLM\SOFTWARE\Microsoft\Wi
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Windows DreamScene Microsoft Windows Vista Ultimate Extra: Windows DreamScene Microsoft Corporation c:\windows\system32\dreams
HKLM\SOFTWARE\Microsoft\Wi
+ 0aMCPClient Stardock MCP API Dll Stardock c:\program files\common files\stardock\mcpcore.dll
+ IconPackager Repair IconPackager Repair Module Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\iprep
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webche
HKLM\Software\Microsoft\Wi
+ ssqrlfus.dll c:\windows\system32\ssqrlf
HKLM\Software\Classes\*\Sh
+ BriefcaseMenu Windows Briefcase Microsoft Corporation c:\windows\system32\syncui
+ Cover Designer Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredexten
+ EPPShellEx SEIKO EPSON CORPORATION c:\program files\epson\creativity suite\easy photo print\eppshell.dll
+ IconPackager IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shell
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ moveonboot_delete GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\gipo@
+ Open With Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Open With EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
+ Start Menu Pin Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllF
+ Client Side Caching UI Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ CopyAsPathMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.
+ Send To Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
HKLM\Software\Classes\Dire
+ EncryptionMenu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Dire
+ HardLinkShlExt GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\gipo@
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Dire
+ DfsShell Class Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshl
+ Folder Customization Tab Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ GiPoPPShellEx GiPo@Utilities Shell (Property Page) Gibin Software House (http://www.gibinsoft.net) c:\program files\common files\gibinsoft shared\gu_shell.dll
+ MyFolder menu and properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.
+ Security Shell Extension Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
HKLM\Software\Classes\Dire
+ FileSystem Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Nokia Phone Browser Nokia c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ Sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
HKLM\Software\Classes\Fold
+ BriefcaseMenu Windows Briefcase Microsoft Corporation c:\windows\system32\syncui
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Dire
+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\core-
+ DreamScene Microsoft Windows Vista Ultimate Extra: Windows DreamScene Microsoft Corporation c:\windows\system32\dreams
+ New Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
HKLM\Software\Microsoft\Wi
+ Offline Files Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
HKLM\Software\Microsoft\Wi
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ &Links Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabvie
+ .contact shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ .cpl, .dll, .exe, .ocx, .rll or .sys files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ .fon, .otf, .ttc or .ttf files Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ .group shell extension handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occach
+ Add New Hardware Add Hardware Wizard Microsoft Corporation c:\windows\system32\hdwwiz
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Alphabetical Categorizer Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Audio Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediam
+ AutoPlay Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Backup and Restore Center Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ BitLocker Drive Encryption CPL Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui
+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\core-
+ Client application shell extension Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Client Side Cache Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ Color Control Panel Applet Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\colorc
+ Command Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Common Places Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Compatibility Property Page Compatibility Tab Shell Extension Library Microsoft Corporation c:\windows\system32\acppag
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld
+ Compressed (zipped) Folder Context Menu Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld
+ Compressed (zipped) Folder Drop Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfld
+ Computers and Devices Network Explorer Microsoft Corporation c:\windows\system32\networ
+ contact_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Control Panel Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Control Panel command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\contro
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\crypte
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\crypte
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Default Programs command object for Start menu Windows Control Panel Microsoft Corporation c:\windows\system32\contro
+ Desktop Shortcut Send Mail Microsoft Corporation c:\windows\system32\sendma
+ Device Manager Device Manager MMC Snapin Microsoft Corporation c:\windows\system32\devmgr
+ DfsShell.DfsShell Property Sheet Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshl
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiex
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquer
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiex
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquer
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquer
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskco
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquo
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskad
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmo
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskpe
+ DropTarget Object for Photo Printing Wizard Photo Printing Wizard Microsoft Corporation c:\windows\system32\photow
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Ease of Access Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ EMDFileProperties ReadyBoost Service Microsoft Corporation c:\windows\system32\emdmgm
+ Execute Folder ExplorerFrame Microsoft Corporation c:\windows\system32\explor
+ Explorer Browser Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Explorer Navigation Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Explorer Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Explorer Travel Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr
+ File Backup Index Microsoft® Windows Backup Shell Extension Microsoft Corporation c:\windows\system32\sdshex
+ File Open Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg
+ File Save Dialog Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg
+ Folder Options Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ For &People... Find People Microsoft Corporation c:\program files\windows mail\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ Games Folder Games Explorer Microsoft Corporation c:\windows\system32\gameux
+ GameUX.RichGameMediaThumbn
+ Get Programs Online Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ group_wab_auto_file Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ History Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ HTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ ICC Profile Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\coloru
+ ICM Monitor Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\coloru
+ ICM Printer Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\coloru
+ ICM Scanner Management Microsoft Color Control Panel Microsoft Corporation c:\windows\system32\coloru
+ IconPackager Context Menu IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shell
+ IconPackager Icon Handler IconPackager Shell Extension Stardock.net, Inc c:\program files\stardock\object desktop\iconpackager\shell
+ IE AutoComplete Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE BandProxy Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Custom MRU AutoCompleted List Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Fade Task Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE IShellFolderBand Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Menu Band Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Menu Desk Bar Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Menu Site Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Microsoft BrowserBand Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Microsoft History AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE MRU AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Navigation Bar Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Registry Tree Options Utility Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE RSS Feeder Folder Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Search Band Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Shell Band Site Menu Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Shell Rebar BandSite Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE Tracking Shell Menu Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IE User Assist Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IGD Property Sheet Handler Internet Gateway Device properties Microsoft Corporation c:\windows\system32\icsigd
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Install New Programs Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Installed Updates Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Internet Name Space Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ InternetShortcut Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ IPropertyStore Handler for Images Photo Metadata Handler Microsoft Corporation c:\windows\system32\photom
+ iSCSI Initiator Microsoft iSCSI Initiator Configuration Tool Microsoft Corporation c:\windows\system32\iscsic
+ iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminipla
+ Layout Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Mail Service Send Mail Microsoft Corporation c:\windows\system32\sendma
+ Manage Wireless Networks Wireless Preferred Networks Microsoft Corporation c:\windows\system32\wlanpr
+ MAPI Search Namespace Extension MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentps
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Breadcrumb Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Browser Architecture Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft CommBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Data Link OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Office HTML Icon Handler 2007 Microsoft Office component Microsoft Corporation c:\program files\microsoft office\office12\msohevi.dl
+ Microsoft Office Metadata Handler Microsoft Office Shell Extension Handlers Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoshext.d
+ Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office12\olkfstub.d
+ Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Microsoft Corporation c:\program files\microsoft office\office12\mlshext.dl
+ Microsoft Office Thumbnail Handler Microsoft Office Shell Extension Handlers Microsoft Corporation c:\program files\common files\microsoft shared\office12\msoshext.d
+ Microsoft Power Options Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Microsoft Web Browser Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Microsoft Windows Font File Context Menu Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontex
+ Microsoft Windows Font File Icon Handler Windows Font Folder Microsoft Corporation c:\windows\system32\fontex
+ Microsoft Windows Font Folder Windows Font Folder Microsoft Corporation c:\windows\system32\fontex
+ Microsoft Windows Font Previewer Windows Font Folder Microsoft Corporation c:\windows\system32\fontex
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetco
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetco
+ Microsoft Windows Mail Html Preview Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetco
+ Microsoft Windows MAPI Preview Handler MSSearch Vista Platform Microsoft Corporation c:\windows\system32\mssvp.
+ Microsoft Windows RTF Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Microsoft XPS Properties Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshh
+ Microsoft XPS Thumbnail Package Document Shell Extension Handler Microsoft Corporation c:\windows\system32\xpsshh
+ Microsoft.ScannersAndCamer
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshe
+ Mobility Center Control Panel Windows Mobility Center Microsoft Corporation c:\windows\system32\mblctr
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ MSHTML Document Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs
+ MyDocuments menu and properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs
+ MyFolder Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs
+ NeroCoverEd Live Icons Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredexten
+ nethood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Network and Sharing Center Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshe
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshe
+ Network Explorer Property Sheet Handler Advanced network device properties Microsoft Corporation c:\windows\system32\ncdpro
+ Network Map Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ New Shortcut Wizard Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ New Shortcut Wizard Modal Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Nokia Phone Browser Phone Browser Nokia c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32
+ Office Document Property Handler Microsoft Property System Microsoft Corporation c:\windows\system32\propsy
+ Offline Files Context Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Offline Files Icon Overlay Handler Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ Offline Files Property Sheet Extension Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docpro
+ OlePrn.PrinterURL Oleprn DLL Microsoft Corporation c:\windows\system32\oleprn
+ Parental Controls Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Performance Information and Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Personalization CPL Provider Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Photo Thumbnail Extractor Photo Metadata Handler Microsoft Corporation c:\windows\system32\photom
+ Photo Thumbnail Provider Photo Metadata Handler Microsoft Corporation c:\windows\system32\photom
+ PhotoAcqDropTarget Photo Acquisition Microsoft Corporation c:\program files\windows photo gallery\photoacq.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeu
+ Portable Devices Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshe
+ Portable Devices Menu Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshe
+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiod
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.
+ Print Ordering via the Web Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebs
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32
+ printhood delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Problem Reports and Solutions Problem Reports and Solutions Microsoft Corporation c:\windows\system32\wercon
+ Programs and Features Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz
+ Programs Folder and Fast Items Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Property Labels Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Public Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remote
+ RichGameMediaPropertyStore
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Search Control Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Search Execute Command ExplorerFrame Microsoft Corporation c:\windows\system32\explor
+ Search Folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Search Folders Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Set User Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ Shell DocObject Viewer Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanu
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpsh
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshru
+ Shell extensions for Windows Script Host Microsoft (R) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext
+ Shell Icon Handler for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim
+ Shell Message Handler Microsoft Internet Messaging API Resources Microsoft Corporation c:\windows\system32\inetco
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquer
+ Shell Publishing Wizard Object Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebs
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ ShellLink for Application References Application Deployment Support Library Microsoft Corporation c:\windows\system32\dfshim
+ Shortcut Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Show Desktop Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Speech Recognition Options Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Start Menu OEM Command Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ Summary Info Thumbnail handler (DOCFILES) Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Sync Center Conflict Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Conflict Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Conflict Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Device Notification Sink Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Event Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Handler Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Item Properties Extension Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Center Simple Conflict Presenter Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Results Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Results Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Setup Delegate Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ Sync Setup Folder Microsoft Sync Center Microsoft Corporation c:\windows\system32\syncce
+ System Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Tablet PC Input Panel Microsoft Tablet Input Band Microsoft Corporation c:\program files\common files\microsoft shared\ink\tipband.dll
+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ The Internet Internet Explorer Microsoft Corporation c:\windows\system32\iefram
+ TMD Shell Extension Tmdshell Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\tmdshell.dll
+ Touch Band Microsoft Tablet PC Touch Input Component Microsoft Corporation c:\windows\system32\touchx
+ Tree property value folder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ User Accounts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ User Accounts Advanced User Accounts Control Panel Microsoft Corporation c:\windows\system32\netplw
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browse
+ users files delegate folder Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ VBPropSheet VBProp Dynamic Link Library Trend Micro Inc. c:\program files\trend micro\internet security\vbprop.dll
+ Video Media Properties Handler Media Metadata Handler Microsoft Corporation c:\windows\system32\mediam
+ Video Thumbnail Extractor Media Metadata Handler Microsoft Corporation c:\windows\system32\mediam
+ View Available Networks View Available Networks Microsoft Corporation c:\windows\system32\van.dl
+ Web Printer Shell Extension Printer Settings User Interface Microsoft Corporation c:\windows\system32\printu
+ Web Publishing Wizard Windows Shell Web Services Microsoft Corporation c:\windows\system32\shwebs
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webche
+ Welcome Center Welcome Center Microsoft Corporation c:\windows\system32\oobefl
+ Window Switcher Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Window TXT Preview Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ Windows Contact Preview Handler Microsoft (R) Contacts DLL Microsoft Corporation c:\program files\common files\system\wab32.dll
+ Windows Defender Windows Defender User Interface Microsoft Corporation c:\program files\windows defender\msascui.exe
+ Windows Defender IOfficeAntiVirus implementation IOfficeAntiVirus Module Microsoft Corporation c:\program files\windows defender\mpoav.dll
+ Windows Features Windows Features Microsoft Corporation c:\windows\system32\option
+ Windows Firewall Windows Firewall Control Panel Microsoft Corporation c:\windows\system32\firewa
+ Windows gadget DropTarget Sidebar droptarget Microsoft Corporation c:\program files\windows sidebar\sbdrop.dll
+ Windows Media Player Windows Media Player Deskband Microsoft Corporation c:\program files\windows media player\wmpband.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshe
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshe
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshe
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshe
+ Windows Media Player Shop Music Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshe
+ Windows Photo Gallery Viewer Image Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Photo Gallery Viewer Video Verbs Windows Photo Gallery Microsoft Corporation c:\program files\windows photo gallery\photoviewer.dll
+ Windows Sidebar Properties Windows Sidebar Microsoft Corporation c:\program files\windows sidebar\sidebar.exe
+ Windows SideShow Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Windows Ultimate Extras Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ Windows Update Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ WPL property store Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocv
HKLM\Software\Microsoft\Wi
+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbar
+ Java(tm) Plug-In 2 SSV Helper Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv
+ Java(tm) Plug-In SSV Helper Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\ssv.dl
+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\inter
+ TSToolbarBHO Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisproto
+ TSToolbarBHO File not found: C:\Program Files\Trend Micro\TrendSecure\Transact
+ {5BE92300-3F82-4DE0-8813-8
HKCU\Software\Microsoft\In
+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\iefram
HKLM\Software\Microsoft\In
+ TransactionProtector File not found: C:\Program Files\Trend Micro\TrendSecure\Transact
+ Trend Micro Toolbar Trend Micro TrendSecure Trend Micro Inc. c:\program files\trend micro\trendsecure\tisproto
HKLM\Software\Microsoft\In
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ \Ad-Aware Update (Daily) File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad
+ \Apple\AppleSoftwareUpdate
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) Windows Rights Management client Microsoft Corporation c:\windows\system32\msdrm.
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) Windows Rights Management client Microsoft Corporation c:\windows\system32\msdrm.
+ \Microsoft\Windows\Bluetoo
+ \Microsoft\Windows\Certifi
+ \Microsoft\Windows\Certifi
+ \Microsoft\Windows\Certifi
+ \Microsoft\Windows\Custome
+ \Microsoft\Windows\Custome
+ \Microsoft\Windows\Defrag\
+ \Microsoft\Windows\Defrag\
+ \Microsoft\Windows\DiskDia
+ \Microsoft\Windows\Media Center\ehDRMInit Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob
+ \Microsoft\Windows\Media Center\mcupdate Windows Media Center Store Update Manager Microsoft Corporation c:\windows\ehome\mcupdate.
+ \Microsoft\Windows\Media Center\OCURActivate Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob
+ \Microsoft\Windows\Media Center\OCURDiscovery Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob
+ \Microsoft\Windows\Media Center\UpdateRecordPath Digital Cable device registration application. Microsoft Corporation c:\windows\ehome\ehprivjob
+ \Microsoft\Windows\MobileP
+ \Microsoft\Windows\MobileP
+ \Microsoft\Windows\MUI\LPR
+ \Microsoft\Windows\MUI\Mcb
+ \Microsoft\Windows\Multime
+ \Microsoft\Windows\Network
+ \Microsoft\Windows\PLA\Sys
+ \Microsoft\Windows\RAC\RAC
+ \Microsoft\Windows\RemoteA
+ \Microsoft\Windows\Shell\C
+ \Microsoft\Windows\SideSho
+ \Microsoft\Windows\SideSho
+ \Microsoft\Windows\SideSho
+ \Microsoft\Windows\SideSho
+ \Microsoft\Windows\SystemR
+ \Microsoft\Windows\Tcpip\I
+ \Microsoft\Windows\Tcpip\I
+ \Microsoft\Windows\TextSer
+ \Microsoft\Windows\UPnP\UP
+ \Microsoft\Windows\WDI\Res
+ \Microsoft\Windows\Windows
+ \Microsoft\Windows\Wired\G
+ \Microsoft\Windows\Wireles
+ \RtlVistaStart File not found: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
+ \User_Feed_Synchronization
+ \{9B144388-B252-441F-9357-
+ \{CA75283D-473D-4550-8B6A-
HKLM\System\CurrentControl
+ AEADIFilters Andrea filters APO access service (32-bit) Andrea Electronics Corporation c:\windows\system32\aeadis
+ AeLookupSvc Processes application compatibility cache requests for applications as they are launched Microsoft Corporation c:\windows\system32\aelups
+ Apple Mobile Device Provides the interface to Apple mobile devices. Apple Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledev
+ Ati External Event Utility ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2ev
+ AudioEndpointBuilder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audios
+ Audiosrv Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Microsoft Corporation c:\windows\system32\audios
+ BFE The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Microsoft Corporation c:\windows\system32\bfe.dl
+ BITS Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Microsoft Corporation c:\windows\system32\qmgr.d
+ Bonjour Service Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start. Apple Inc. c:\program files\bonjour\mdnsresponde
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\browse
+ CryptSvc Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\crypts
+ CscService The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. Microsoft Corporation c:\windows\system32\cscsvc
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\rpcss.
+ Dhcp Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dhcpcs
+ Dnscache The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dnsrsl
+ DPS The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\dps.dl
+ ehstart Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center. Microsoft Corporation c:\windows\ehome\ehstart.d
+ EMDMgmt Provides support for improving system performance using ReadyBoost. Microsoft Corporation c:\windows\system32\emdmgm
+ Eventlog This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Microsoft Corporation c:\windows\system32\wevtsv
+ EventSystem Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\es.dll
+ FDResPub Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Microsoft Corporation c:\windows\system32\fdresp
+ gpsvc The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Microsoft Corporation c:\windows\system32\gpsvc.
+ gusvc gusvc Google c:\program files\google\common\google
+ hidserv Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\hidser
+ IKEEXT The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Microsoft Corporation c:\windows\system32\ikeext
+ iPAHelper.exe iPod Access Helper Module c:\program files\ipod access for windows\ipahelper.exe
+ IPBusEnum The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Microsoft Corporation c:\windows\system32\ipbuse
+ iphlpsvc Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. Microsoft Corporation c:\windows\system32\iphlps
+ KtmRm Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM). Microsoft Corporation c:\windows\system32\msdtck
+ LanmanServer Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\srvsvc
+ LanmanWorkstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wkssvc
+ LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.e
+ lmhosts Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\lmhsvc
+ LVCOMSer Logitech Video COM Service Logicool Co., Ltd c:\program files\common files\logishrd\lvcomser\lv
+ LVPrcSrv Injector service Logicool Co., Ltd c:\program files\common files\logishrd\lvmvfm\lvpr
+ Mcx2Svc Allows Windows Media Center Extender devices to locate and connect to the computer. Microsoft Corporation c:\windows\system32\mcx2sv
+ MMCSS Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Microsoft Corporation c:\windows\system32\mmcss.
+ MpsSvc Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Microsoft Corporation c:\windows\system32\mpssvc
+ MSSQL$MYMOVIES Provides storage, processing and controlled access of data and rapid transaction processing. Microsoft Corporation c:\program files\microsoft sql server\mssql.1\mssql\binn\
+ Nero BackItUp Scheduler 4.0 Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. Nero AG c:\program files\common files\nero\nero backitup 4\nbservice.exe
+ netprofm Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Microsoft Corporation c:\windows\system32\netpro
+ NlaSvc Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\nlasvc
+ NoIPDUCService No-IP.com DUC Vitalwerks LLC c:\program files\no-ip\duc20.exe
+ nsi This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Microsoft Corporation c:\windows\system32\nsisvc
+ PcaSvc Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start. Microsoft Corporation c:\windows\system32\pcasvc
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\umpnpm
+ PolicyAgent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Microsoft Corporation c:\windows\system32\ipsecs
+ ProfSvc This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them. Microsoft Corporation c:\windows\system32\profsv
+ ProtexisLicensing Protexis Licensing Service c:\windows\system32\psiser
+ RoxLiveShare10 Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9. File not found: C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxL
+ RpcSs Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly. Microsoft Corporation c:\windows\system32\rpcss.
+ SamSs The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Microsoft Corporation c:\windows\system32\lsass.
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\scheds
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\seclog
+ Security Activity Dashboard Service Security Activity Dashboard Service Description Trend Micro Inc. c:\program files\trend micro\trendsecure\security
+ SENS Monitors system events and notifies subscribers to COM+ Event System of these events. Microsoft Corporation c:\windows\system32\sens.d
+ SessionLauncher Sonic File not found: C:\Users\Vista\AppData\Loc
+ SfCtlCom Manages all components of Trend Micro Internet Security. Trend Micro Inc. c:\program files\trend micro\internet security\sfctlcom.exe
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\ipnath
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\shsvcs
+ SlingAgentService Enables Clip + Sling functionality for SlingPlayer(v0.9.0.136) Sling Media Inc. c:\program files\sling media\slingagent\slingagen
+ slsvc Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode. Microsoft Corporation c:\windows\system32\slsvc.
+ Spooler Loads files to memory for later printing Microsoft Corporation c:\windows\system32\spools
+ SQLBrowser Provides SQL Server connection information to client computers. Microsoft Corporation c:\program files\microsoft sql server\90\shared\sqlbrowse
+ SQLWriter Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure. Microsoft Corporation c:\program files\microsoft sql server\90\shared\sqlwriter
+ STacSV Manages audio jack configurations. IDT, Inc. c:\windows\system32\stacsv
+ stisvc Provides image acquisition services for scanners and cameras Microsoft Corporation c:\windows\system32\wiaser
+ SysMain Maintains and improves system performance over time. Microsoft Corporation c:\windows\system32\sysmai
+ TabletInputService Enables Tablet PC pen and ink functionality Microsoft Corporation c:\windows\system32\tabsvc
+ TBS Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Microsoft Corporation c:\windows\system32\tbssvc
+ TermService Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. Microsoft Corporation c:\windows\system32\termsr
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\shsvcs
+ TMBMServer Manages the Trend Micro unauthorized change prevention feature Trend Micro Inc. c:\program files\trend micro\bm\tmbmsrv.exe
+ TmPfw Manages the Trend Micro Personal Firewall. Trend Micro Inc. c:\program files\trend micro\internet security\tmpfw.exe
+ TmProxy Manages the Trend Micro Proxy. Trend Micro Inc. c:\program files\trend micro\internet security\tmproxy.exe
+ Transcode360 Provides transcoding and streaming services. c:\program files\transcode360\transco
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network. Microsoft Corporation c:\windows\system32\trkwks
+ UxSms Provides Desktop Window Manager startup and maintenance services Microsoft Corporation c:\windows\system32\uxsms.
+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\w32tim
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\webcln
+ WerSvc Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Microsoft Corporation c:\windows\system32\wersvc
+ WinDefend Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions. Microsoft Corporation c:\program files\windows defender\mpsvc.dll
+ Winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\wbem\w
+ Wlansvc This service enumerates WLAN adapters, manages WLAN connections and profiles. Microsoft Corporation c:\windows\system32\wlansv
+ WPDBusEnum Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Microsoft Corporation c:\windows\system32\wpdbus
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\wscsvc
+ WSearch Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search. Microsoft Corporation c:\windows\system32\search
+ wuauserv Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Microsoft Corporation c:\windows\system32\wuauen
+ wudfsvc Manages user-mode driver host processes Microsoft Corporation c:\windows\system32\wudfsv
HKLM\System\CurrentControl
+ a91xa9o2 ATAPI IDE Miniport Driver Microsoft Corporation c:\windows\system32\driver
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\driver
+ ADIHdAudAddService High Definition Audio Function Driver Analog Devices, Inc. c:\windows\system32\driver
+ AFD Ancilliary Function Driver for Winsock Microsoft Corporation c:\windows\system32\driver
+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\driver
+ amdagp AMD NT AGP Filter Microsoft Corporation c:\windows\system32\driver
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\driver
+ atapi ATAPI IDE Miniport Driver Microsoft Corporation c:\windows\system32\driver
+ atikmdag ATI Radeon Kernel Mode Driver ATI Technologies Inc. c:\windows\system32\driver
+ Beep BEEP Driver Microsoft Corporation c:\windows\system32\driver
+ bowser Implements the datagram receiver for the computer browser browser service. Microsoft Corporation c:\windows\system32\driver
+ BrFiltLo Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. c:\windows\system32\driver
+ BrFiltUp Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. c:\windows\system32\driver
+ BrUsbSer Brother USB Serial Driver Brother Industries Ltd. c:\windows\system32\driver
+ BUFADPT BUFFALO Wireless Network Adapter Manager BUFFALO INC. c:\windows\system32\bufadp
+ c2scsi Roxio virtual SCSI miniport Sonic Solutions c:\windows\system32\driver
+ catchme File not found: C:\ComboFix\catchme.sys
+ cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\driver
+ CLFS Common Log (CLFS) Microsoft Corporation c:\windows\system32\clfs.s
+ crcdisk Disk Block Verification Filter Driver Microsoft Corporation c:\windows\system32\driver
+ CSC Allows network files to be used while the local computer is offline. Microsoft Corporation c:\windows\system32\driver
+ DfsC Client driver for access to DFS Namespaces Microsoft Corporation c:\windows\system32\driver
+ disk PnP Disk Driver Microsoft Corporation c:\windows\system32\driver
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\driver
+ DXGKrnl Controls the underlying video driver stacks to provide fully-featured display capabilities. Microsoft Corporation c:\windows\system32\driver
+ E1G60 Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation c:\windows\system32\driver
+ Ecache ReadyBoost Caching Driver Microsoft Corporation c:\windows\system32\driver
+ exfat exFAT File System Driver Microsoft Corporation c:\windows\system32\driver
+ fastfat Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces) Microsoft Corporation c:\windows\system32\driver
+ fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\driver
+ FileInfo Collects information about files in memory to be consumed by other system services. Microsoft Corporation c:\windows\system32\driver
+ Filetrace ETW File Trace Filter Microsoft Corporation c:\windows\system32\driver
+ flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\driver
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\windows\system32\driver
+ fvevol Bitlocker Drive Encryption Filter Driver Microsoft Corporation c:\windows\system32\driver
+ gagp30kx MS Generic AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\driver
+ GEARAspiWDM CD DVD Filter GEAR Software Inc. c:\windows\system32\driver
+ HabuFltr Diamondback USB Optical Mouse Driver Razer (Asia-Pacific) Pte Ltd c:\windows\system32\driver
+ HdAudAddService High Definition Audio Function Driver Microsoft Corporation c:\windows\system32\driver
+ HDAudBus High Definition Audio Bus Driver Microsoft Corporation c:\windows\system32\driver
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\driver
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\driver
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\driver
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\driver
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\driver
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sy
+ IPNAT IP Network Address Translator Microsoft Corporation c:\windows\system32\driver
+ IRENUM IR Bus Enumerator Microsoft Corporation c:\windows\system32\driver
+ iScsiPrt Microsoft iSCSI Initiator Driver Microsoft Corporation c:\windows\system32\driver
+ JGOGO SCSI Port upper filter driver JMicron c:\windows\system32\driver
+ JRAID JMicron JMB36X RAID Driver JMicron Technology Corp. c:\windows\system32\driver
+ kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\driver
+ kbdhid HID Keyboard Filter Driver Microsoft Corporation c:\windows\system32\driver
+ KSecDD Kernel Security Support Provider Interface Microsoft Corporation c:\windows\system32\driver
+ lltdio Link-Layer Topology Mapper I/O Driver Microsoft Corporation c:\windows\system32\driver
+ luafv Virtualizes file write failures to per-user locations. Microsoft Corporation c:\windows\system32\driver
+ lvpopflt Logitech AudioProcessing Filter Driver Logitech Inc. c:\windows\system32\driver
+ LVPr2Mon Logitech ProcMon Driver Logicool Co., Ltd c:\windows\system32\driver
+ LVRS Logitech Kernel Audio Improvement Filter Driver Logitech Inc. c:\windows\system32\driver
+ LVUSBSta USB Statistic Driver Logitech Inc. c:\windows\system32\driver
+ LVUVC Logitech USB Video Class Driver Logitech Inc. c:\windows\system32\driver
+ Modem Modem Device Driver Microsoft Corporation c:\windows\system32\driver
+ monitor Monitor Driver Microsoft Corporation c:\windows\system32\driver
+ mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\driver
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\driver
+ MountMgr Driver responsible with maintaining persistent drive letters and names for volumes Microsoft Corporation c:\windows\system32\driver
+ mpsdrv Windows Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic. Microsoft Corporation c:\windows\system32\driver
+ MRxDAV WebDav Client Redirector Driver Microsoft Corporation c:\windows\system32\driver
+ mrxsmb Implements the framework for the SMB filesystem redirector Microsoft Corporation c:\windows\system32\driver
+ mrxsmb10 Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers Microsoft Corporation c:\windows\system32\driver
+ mrxsmb20 Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers Microsoft Corporation c:\windows\system32\driver
+ Msfs Mailslot driver Microsoft Corporation c:\windows\system32\driver
+ msisadrv ISA Driver Microsoft Corporation c:\windows\system32\driver
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\driver
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\driver
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\driver
+ MsRPC Kernel Remote Procedure Call Provider Microsoft Corporation c:\windows\system32\driver
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\driver
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\driver
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\driver
+ Mup Multiple UNC Provider Microsoft Corporation c:\windows\system32\driver
+ NativeWifiP NativeWiFi Miniport Driver Microsoft Corporation c:\windows\system32\driver
+ NDIS NDIS System Driver Microsoft Corporation c:\windows\system32\driver
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\driver
+ Ndisuio NDIS User mode I/O driver Microsoft Corporation c:\windows\system32\driver
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\driver
+ NDProxy NDIS Proxy Microsoft Corporation c:\windows\system32\driver
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\windows\system32\driver
+ netbt This service implements NetBios over TCP/IP. Microsoft Corporation c:\windows\system32\driver
+ nmwcd Nokia USB Phone Bus Driver Nokia c:\windows\system32\driver
+ nmwcdc Nokia USB Phone Bus Driver Nokia c:\windows\system32\driver
+ Npfs NPFS Driver Microsoft Corporation c:\windows\system32\driver
+ nsiproxy NSI proxy service Microsoft Corporation c:\windows\system32\driver
+ Ntfs NT File System Driver Microsoft Corporation c:\windows\system32\driver
+ Null NULL Driver Microsoft Corporation c:\windows\system32\driver
+ nv_agp NForce NT AGP Filter Microsoft Corporation c:\windows\system32\driver
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.
+ OemBiosDevice Release Build v1.00 PARADOX c:\windows\system32\driver
+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\driver
+ partmgr Disk class filter driver that auctions out partitions to volume managers Microsoft Corporation c:\windows\system32\driver
+ Parvdm VDM Parallel Driver Microsoft Corporation c:\windows\system32\driver
+ pccsmcfd PCCS Mode Change Filter Driver Nokia c:\windows\system32\driver
+ pci NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\driver
+ pciide Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\driver
+ pcouffin low level access layer for CD/DVD/BD devices VSO Software c:\windows\system32\driver
+ PEAUTH Protected Environment Authentication and Authorization Export Driver Microsoft Corporation c:\windows\system32\driver
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\driver
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\driver
+ Pxrmcet MCETunes mini-filter driver Proxure, Inc. c:\windows\system32\driver
+ QWAVEdrv Quality Windows Audio/Video Experience component driver Microsoft Corporation c:\windows\system32\driver
+ R300 ATI Radeon Kernel Mode Driver ATI Technologies Inc. c:\windows\system32\driver
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\driver
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\driver
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\driver
+ RasSstp WAN Miniport (SSTP) Microsoft Corporation c:\windows\system32\driver
+ rdbss Provides the framework for network mini-redirectors Microsoft Corporation c:\windows\system32\driver
+ RDPCDD RDPDD Chained DD Microsoft Corporation c:\windows\system32\driver
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\driver
+ RDPENCDD RDP Encoder Mirror Driver Microsoft Corporation c:\windows\system32\driver
+ RDPWD RDP Terminal Stack Driver Microsoft Corporation c:\windows\system32\driver
+ rspndr Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation c:\windows\system32\driver
+ RTL8187 Realtek RTL8187 NDIS Driver Realtek Semiconductor Corporation c:\windows\system32\driver
+ RtlProt Realtke RtlProt WLAN Utility Protocol Driver File not found: system32\DRIVERS\rtlprot.s
+ secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\driver
+ Serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\driver
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\driver
+ sffp_mmc Small Form Factor MMC Protocol Driver Microsoft Corporation c:\windows\system32\driver
+ sffp_sd Small Form Factor SD Protocol Driver Microsoft Corporation c:\windows\system32\driver
+ sisagp SIS NT AGP Filter Microsoft Corporation c:\windows\system32\driver
+ SjyPkt File not found: C:\Windows\System32\Driver
+ Smb Microsoft NetbiosSmb Device Driver Microsoft Corporation c:\windows\system32\driver
+ spldr loader for security processor Microsoft Corporation c:\windows\system32\driver
+ sptd c:\windows\system32\driver
+ srv Server driver Microsoft Corporation c:\windows\system32\driver
+ srv2 Default SDDL for Windows Resource Protected file Microsoft Corporation c:\windows\system32\driver
+ srvnet Server Network driver Microsoft Corporation c:\windows\system32\driver
+ STHDA NDRC IDT, Inc. c:\windows\system32\driver
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\driver
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\driver
+ Tcpip6 Microsoft IPv6 Protocol Driver Microsoft Corporation c:\windows\system32\driver
+ tcpipreg Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality. Microsoft Corporation c:\windows\system32\driver
+ TDPIPE Named Pipe Transport Driver Microsoft Corporation c:\windows\system32\driver
+ TDTCP TCP Transport Driver Microsoft Corporation c:\windows\system32\driver
+ tdx NetIO Legacy TDI Support Driver Microsoft Corporation c:\windows\system32\driver
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\driver
+ tmactmon Trend Micro Activity Monitor Driver Trend Micro Inc. c:\windows\system32\driver
+ tmcomm Trend Micro Common Engine Driver Trend Micro Inc. c:\windows\system32\driver
+ tmevtmgr Trend Micro Event Manager Driver Trend Micro Inc. c:\windows\system32\driver
+ tmlwf Trend Micro NDIS 6.0 Filter Driver Trend Micro Inc. c:\windows\system32\driver
+ tmpreflt Trend Filter Driver Trend Micro Inc. c:\windows\system32\driver
+ tmtdi Trend Micro TDI Driver (i386-fre) Trend Micro Inc. c:\windows\system32\driver
+ tmwfp Trend Micro WFP Callout Driver Trend Micro Inc. c:\windows\system32\driver
+ tmxpflt Trend Functionality Driver Trend Micro Inc. c:\windows\system32\driver
+ tssecsrv Terminal Services Security Filter Driver Microsoft Corporation c:\windows\system32\driver
+ tunmp Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\driver
+ tunnel Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\driver
+ uagp35 MS AGPv3.5 Filter Microsoft Corporation c:\windows\system32\driver
+ uliagpkx ULi AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\driver
+ umbus User-Mode Bus Enumerator Microsoft Corporation c:\windows\system32\driver
+ UMPass Generic pass-through driver Microsoft Corporation c:\windows\system32\driver
+ upperdev Filter Driver for the Toaster Stack Windows (R) Codename Longhorn DDK provider c:\windows\system32\driver
+ USBAAPL File not found: System32\Drivers\usbaapl.s
+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\driver
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\driver
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\driver
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\driver
+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\driver
+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\driver
+ usbser USB Modem Driver Microsoft Corporation c:\windows\system32\driver
+ UsbserFilt Filter Driver for the Toaster Stack Windows (R) Codename Longhorn DDK provider c:\windows\system32\driver
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\driver
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\driver
+ usbvideo USB Video Class Driver Microsoft Corporation c:\windows\system32\driver
+ vga VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\driver
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\driver
+ viaagp VIA NT AGP Filter Microsoft Corporation c:\windows\system32\driver
+ volmgr Volume Manager Driver Microsoft Corporation c:\windows\system32\driver
+ volmgrx Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks Microsoft Corporation c:\windows\system32\driver
+ volsnap Volume Shadow Copy Driver Microsoft Corporation c:\windows\system32\driver
+ vsapint Trend Virus ScanEngine Trend Micro Inc. c:\windows\system32\driver
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\driver
+ Wanarpv6 Remote Access IPv6 ARP Driver Microsoft Corporation c:\windows\system32\driver
+ Wdf01000 WDF Dynamic Microsoft Corporation c:\windows\system32\driver
+ WpdUsb WPD USB Driver Microsoft Corporation c:\windows\system32\driver
+ WUDFRd Windows Driver Foundation - User-mode Driver Framework Reflector Microsoft Corporation c:\windows\system32\driver
+ yukonwlh Miniport Driver for Marvell Yukon Ethernet Controller. Marvell c:\windows\system32\driver
HKLM\System\CurrentControl
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autoch
+ autocheck lsdelete File not found: lsdelete
HKLM\System\CurrentControl
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi
+ clbcatq COM+ Configuration Catalog Microsoft Corporation c:\windows\system32\clbcat
+ COMDLG32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.
+ IERTUTIL Run time utility for Internet Explorer Microsoft Corporation c:\windows\system32\iertut
+ IMAGEHLP Windows NT Image Helper Microsoft Corporation c:\windows\system32\imageh
+ IMM32 Multi-User Windows IMM32 API Client DLL Microsoft Corporation c:\windows\system32\imm32.
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel
+ LPK Language Pack Microsoft Corporation c:\windows\system32\lpk.dl
+ MSCTF MSCTF Server DLL Microsoft Corporation c:\windows\system32\msctf.
+ MSVCRT Windows NT CRT DLL Microsoft Corporation c:\windows\system32\msvcrt
+ NORMALIZ Unicode Normalization DLL Microsoft Corporation c:\windows\system32\normal
+ NSI NSI User-mode interface DLL Microsoft Corporation c:\windows\system32\nsi.dl
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.
+ OLEAUT32 Microsoft Corporation c:\windows\system32\oleaut
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4
+ Setupapi Windows Setup API Microsoft Corporation c:\windows\system32\setupa
+ SHELL32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell3
+ SHLWAPI Shell Light-weight Utility Library Microsoft Corporation c:\windows\system32\shlwap
+ URLMON OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon
+ user32 Multi-User Windows USER API Client DLL Microsoft Corporation c:\windows\system32\user32
+ USP10 Uniscribe Unicode script processor Microsoft Corporation c:\windows\system32\usp10.
+ WININET Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\winine
+ WLDAP32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap3
+ WS2_32 Windows Socket 2.0 32-Bit DLL Microsoft Corporation c:\windows\system32\ws2_32
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\Windows\system32\PhotoS
HKLM\System\CurrentControl
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E7
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E7
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D0
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D0
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD8
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD8
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ MSAFD Tcpip [RAW/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ MSAFD Tcpip [TCP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ MSAFD Tcpip [UDP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ RSVP TCP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ RSVP TCPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ RSVP UDP Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
+ RSVP UDPv6 Service Provider Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
HKLM\System\CurrentControl
+ E-mail Naming Shim Provider E-mail Naming Shim Provider Microsoft Corporation c:\windows\system32\napins
+ mdnsNSP Bonjour Namespace Provider Apple Inc. c:\program files\bonjour\mdnsnsp.dll
+ Network Location Awareness Legacy (NLAv1) Namespace Network Location Awareness 2 Microsoft Corporation c:\windows\system32\nlaapi
+ NTDS LDAP RnR Provider DLL Microsoft Corporation c:\windows\system32\winrnr
+ PNRP Cloud Namespace Provider PNRP Name Space Provider Microsoft Corporation c:\windows\system32\pnrpns
+ PNRP Name Namespace Provider PNRP Name Space Provider Microsoft Corporation c:\windows\system32\pnrpns
+ Tcpip Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsoc
HKLM\SYSTEM\CurrentControl
+ EPSON PX-A650 2KMonitor5J EPSON Bi-directional Monitor SEIKO EPSON CORPORATION c:\windows\system32\e_flma
+ EPSON PX-A650 32MonitorBJ EPSON Bi-directional Monitor x86 SEIKO EPSON CORPORATION c:\windows\system32\e_flba
+ LIDIL hpzlllhn LanguageMonitor Hewlett-Packard Company c:\windows\system32\hpzlll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\locals
+ Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon
+ WSD Port WSD Printer Port Monitor Microsoft Corporation c:\windows\system32\wsdmon
HKLM\SYSTEM\CurrentControl
+ credssp.dll TS Single Sign On Security Package Microsoft Corporation c:\windows\system32\credss
HKLM\SYSTEM\CurrentControl
+ C:\Windows\system32\gebyAq
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0
HKLM\SYSTEM\CurrentControl
+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli
HKLM\SYSTEM\CurrentControl
+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerber
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0
+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schann
+ tspkg Web Service Security Package Microsoft Corporation c:\windows\system32\tspkg.
+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdiges
HKLM\SOFTWARE\Microsoft\Wi
+ GenericProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui
+ NPProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui
+ PasswordProvider Windows Authentication UI Microsoft Corporation c:\windows\system32\authui
+ Smartcard Credential Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartc
+ Smartcard Pin Provider Windows Smartcard Credential Provider Microsoft Corporation c:\windows\system32\smartc
HKLM\SOFTWARE\Microsoft\Wi
+ GenericFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui
+ RemoteLogonFilter Windows Authentication UI Microsoft Corporation c:\windows\system32\authui
HKLM\SOFTWARE\Microsoft\Wi
+ CRasProvider RAS PLAP Credential Provider Microsoft Corporation c:\windows\system32\raspla
HKLM\SYSTEM\CurrentControl
+ LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\windows\system32\ntlanm
+ RDPNP Microsoft Terminal Services Microsoft Corporation c:\windows\system32\drprov
+ webclient Web Client Network Microsoft Corporation c:\windows\system32\davcln
C:\Users\Vista\AppData\Loc
+ C:\Program Files\Windows Sidebar\Gadgets\NeroDiscCo
+ All CPU Meter The All Cpu Meter will show you all core cpu usage and temperatures. It also displayes all core usage history. AddGadget.com C:\Users\Vista\AppData\Loc
+ Calendar Browse the days of the calendar. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Calendar.G
+ Clock Watch the clock in your own time zone or any city in the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadg
+ Currency Convert from one currency to another. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Currency.G
+ Notes Capture ideas, notes, and reminders in a quick and easy way. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadg
+ Stocks Monitor your favorite stocks. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gad
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Ga
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Ga
+ Weather See what the weather looks like around the world. Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Weather.Ga
From your Autoruns log, I would be concerned about the following:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
--> + GroupManager c:\windows\msiupdate.exe
--> + MSServer c:\windows\system32\ssqrlfus.dll
--> + svchosts c:\windows\system32\svchosts.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
--> + ssqrlfus.dll c:\windows\system32\ssqrlfus.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
--> + {5BE92300-3F82-4DE0-8813-86017B4228C6} c:\windows\system32\gebyaqpm.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\Windows\system32\gebyAqpm c:\windows\system32\gebyaqpm.dll
ASKER
I need to do all of the above in safe mode?
ASKER
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRLFus.dll,#1
still remain after running fix this...not in safe mode though.
Instead of deleting them manually, just run combofix and show us the logfile to make sure all bad files had been deleted.
ASKER
in safe mode or not? With networking or without?
ASKER
malwarebytes full scan or quick one?
It's Vista so combofix might not run well in normal mode, try it anyway, then if it doesn't finish the run then run it in safe mode.
Just plain safe mode (no networking), as long as you don't install RC and it's the latest version of combofix.
>>>malwarebytes full scan or quick one?<<<
Okay you can try Malwarebytes full scan, then if it doesn't remove all the bad files, try combofix next.
Please show us the log.
ASKER
I ran combofix, but it killed the internet connection on my desktop. I am connected with my wife's laptop, How to get my desktop internet connection back?
ASKER
have a log file on there, but obviously cannot upload it till I get connection back
ASKER
I seem to have had this issue before as well. I think someone told me to go into computer...manage, device manager and then uninstall the network adaptor. Is that right? waiting for guidance...
>>> How to get my desktop internet connection back?<<<
Just reboot.
Can you also attach the combofix log.
ASKER
I already rebooted, no internet. disconnected both the DSL modem and the wireless router. Get internet on the wireless but not on the desktop...cannot upload log file until I get desktop back online
ASKER
rebooted a 3rd time, still no internet on desktop
ASKER
I get a message that pops up just before my log on screen to Vista that says something like ISLED program not found skipping autocheck.
It's supposed to restore it.
Disabling/re-enabling the network connection also restores it. Try it.
Going to Control Panel > Network Connections. Right click on Network icon in the notification area in the lower right corner of Desktop & select "Repair".
ASKER
no repair did not work. Tried that. says windows detected a problem that cannot be repaired automatically. tried disabling network and reenabling. Not working
Check this guide for restoring connection after running combofix.
Manually restoring the Internet connection, scroll right down the page.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore
also try this,
In the Start > Run >
cmd
run the command --> netsh winsock reset
I'm sorry I have to go, I'll check back in a few hours.
ASKER
not working, tried repairing network connection no good
tried
run the command --> netsh winsock reset
didn't work
ASKER
ok got it to work, had to alter my ip configuration. Ok here are the logsssssssssss.
Malwarebytes' Anti-Malware 1.33
Database version: 1682
Windows 6.0.6001 Service Pack 1
1/23/2009 11:11:50 PM
mbam-log-2009-01-23 (23-11-30).txt
Scan type: Quick Scan
Objects scanned: 55284
Time elapsed: 5 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Windows\System32\pnVes06 (Trojan.Agent) -> No action taken.
Files Infected:
C:\Windows\System32\ssqRLFus.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\Windows\System32\eFwVOeFv.dll (Trojan.vundo) -> No action taken.
ComboFix 09-01-21.04 - Vista 2009-01-23 21:55:17.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3326.1644 [GMT 9:00]
Running from: c:\users\Vista\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Vista\AppData\Roaming\inst.exe
c:\windows\system32\gebyAqpm.dll
c:\windows\System32\mpqAybeg.ini
c:\windows\System32\mpqAybeg.ini2
c:\windows\System32\MUFNmnpo.ini
c:\windows\System32\MUFNmnpo.ini2
c:\windows\system32\opnmNFUM.dll
c:\windows\system32\svchosts.exe
c:\windows\system32\uuddc32.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-23 21:38 . 2009-01-23 21:38 <DIR> d-------- c:\users\Vista\AppData\Roaming\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 21:37 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 21:37 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-23 20:25 . 2009-01-23 21:58 37,376 --a------ c:\windows\System32\ssqRLFus.dll
2009-01-23 15:09 . 2009-01-23 20:21 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 15:09 . 2009-01-23 20:21 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 15:07 . 2009-01-23 15:07 5,928 --a------ c:\windows\System32\eFwVOeFv.dll
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Videos
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> d-------- c:\users\Mcx1\Saved Games
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Pictures
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Music
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Links
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Downloads
2009-01-22 20:04 . 2009-01-22 20:04 <DIR> dr------- c:\users\Mcx1\Documents
2009-01-22 20:04 . 2009-01-22 20:05 <DIR> d--h----- c:\users\Mcx1\AppData
2009-01-22 20:04 . 2009-01-22 20:04 <DIR> d-------- c:\users\Mcx1
2009-01-20 21:51 . 2009-01-22 20:07 <DIR> d-------- c:\users\All Users\LightScribe
2009-01-20 21:51 . 2009-01-22 20:07 <DIR> d-------- c:\programdata\LightScribe
2009-01-20 21:23 . 2009-01-20 21:23 4,767 --a------ c:\windows\Irremote.ini
2009-01-20 20:53 . 2009-01-20 20:53 <DIR> d-------- c:\program files\Common Files\LightScribe
2009-01-20 20:24 . 2008-02-28 14:26 1,414,440 --a------ c:\windows\System32\ShellManager310E2D762.dll
2009-01-20 20:24 . 2008-02-28 14:01 774,144 --a------ c:\windows\System32\NEROINSTAEC43759.DB
2009-01-20 16:34 . 2009-01-20 16:34 <DIR> d-------- c:\users\All Users\EPSON
2009-01-20 16:34 . 2009-01-20 16:34 <DIR> d-------- c:\programdata\EPSON
2009-01-20 16:33 . 2007-12-07 02:08 86,528 --a------ c:\windows\System32\E_FLBADJ.DLL
2009-01-20 16:33 . 2007-12-07 02:01 78,848 --a------ c:\windows\System32\E_FD4BADJ.DLL
2009-01-20 16:33 . 2004-09-10 20:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL
2009-01-15 10:01 . 2008-12-16 11:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-15 08:08 . 2009-01-21 10:09 22,528 --a------ c:\windows\msiUpdate.exe
2009-01-12 19:50 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2009-01-12 19:50 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2009-01-12 19:50 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2009-01-10 13:54 . 2008-12-08 03:08 795,648 --a------ c:\windows\System32\xvidcore.dll
2009-01-10 13:54 . 2008-12-08 03:08 130,048 --a------ c:\windows\System32\xvidvfw.dll
2009-01-06 22:45 . 2009-01-06 22:45 <DIR> d-------- c:\program files\Earth
2009-01-03 19:08 . 2009-01-10 13:54 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:12 . 2009-01-02 21:12 <DIR> d-------- c:\users\All Users\FLEXnet
2009-01-02 21:12 . 2009-01-02 21:12 <DIR> d-------- c:\programdata\FLEXnet
2009-01-02 20:59 . 2009-01-03 06:42 <DIR> d-------- c:\users\All Users\Adobe
2009-01-01 09:51 . 2009-01-01 09:51 81,920 --a------ c:\users\Vista\AppData\Roaming\ezpinst.exe
2008-12-31 16:38 . 2008-12-31 16:38 <DIR> d-------- c:\program files\Domain Software
2008-12-29 20:18 . 2008-12-29 20:18 <DIR> d-------- c:\program files\Common Files\Logicool
2008-12-29 20:10 . 2009-01-20 15:48 <DIR> d-------- c:\windows\System32\Service
2008-12-29 17:02 . 2009-01-01 10:13 <DIR> d-------- c:\users\All Users\DVD Shrink
2008-12-29 17:02 . 2009-01-01 10:13 <DIR> d-------- c:\programdata\DVD Shrink
2008-12-29 17:02 . 2008-12-29 17:02 <DIR> d-------- c:\program files\DVD Shrink
2008-12-29 16:56 . 2008-12-29 16:56 <DIR> d-------- c:\program files\DVD Decrypter
2008-12-25 21:13 . 2008-12-25 21:36 <DIR> d-------- C:\OutputFolder
2008-12-25 21:12 . 2008-12-25 21:13 <DIR> d-------- c:\program files\Allok Video Joiner
2008-12-25 21:12 . 2007-04-12 14:19 129,024 --a------ c:\windows\System32\AVERM.dll
2008-12-25 21:12 . 2006-09-26 13:57 28,672 --a------ c:\windows\System32\AVEQT.dll
2008-12-25 21:05 . 2008-12-25 21:05 <DIR> d-------- C:\VideoOutput
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\Vista\AppData\Roaming\DAEMON Tools Pro
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-23 09:05 . 2008-11-27 10:39 1,195,384 --a------ c:\windows\System32\drivers\vsapint.sys
2008-12-23 09:05 . 2008-12-23 09:05 256,528 --a------ c:\windows\System32\drivers\tmwfp.sys
2008-12-23 09:05 . 2008-11-27 10:42 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2008-12-23 09:05 . 2008-12-23 09:05 145,424 --a------ c:\windows\System32\drivers\tmlwf.sys
2008-12-23 09:05 . 2008-12-23 09:05 144,912 --a------ c:\windows\System32\drivers\tmcomm.sys
2008-12-23 09:05 . 2008-12-23 09:05 80,400 --a------ c:\windows\System32\drivers\tmtdi.sys
2008-12-23 09:05 . 2008-12-23 09:05 50,192 --a------ c:\windows\System32\drivers\tmactmon.sys
2008-12-23 09:05 . 2008-12-23 09:05 49,680 --a------ c:\windows\System32\drivers\tmevtmgr.sys
2008-12-23 09:05 . 2008-11-27 10:42 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:05 --------- d-----w c:\program files\Steam
2009-01-23 13:03 32,725 ----a-w c:\windows\system32\drivers\stwrte.log
2009-01-23 13:03 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-23 13:03 --------- d-----w c:\program files\Transcode360
2009-01-23 12:30 --------- d-----w c:\users\Vista\AppData\Roaming\uTorrent
2009-01-23 12:06 --------- d-----w c:\users\Vista\AppData\Roaming\Skype
2009-01-23 11:20 --------- d-----w c:\programdata\Lavasoft
2009-01-23 09:16 --------- d-----w c:\users\Vista\AppData\Roaming\skypePM
2009-01-22 21:54 --------- d-----w c:\programdata\Google Updater
2009-01-21 13:08 --------- d-----w c:\program files\CCleaner
2009-01-20 12:51 --------- d-----w c:\users\Vista\AppData\Roaming\Nero
2009-01-20 12:49 --------- d-----w c:\program files\Nero
2009-01-20 12:34 --------- d-----w c:\program files\Common Files\Nero
2009-01-20 12:13 --------- d-----w c:\programdata\Nero
2009-01-20 07:18 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 23:22 --------- d-----w c:\users\Vista\AppData\Roaming\.purple
2009-01-15 04:19 --------- d-----w c:\program files\Windows Mail
2009-01-15 04:18 --------- d-----w c:\programdata\Microsoft Help
2009-01-12 11:27 --------- d-----w c:\users\Vista\AppData\Roaming\Vso
2009-01-12 10:50 --------- d-----w c:\program files\VSO
2009-01-12 10:49 47,360 ----a-w c:\users\Vista\AppData\Roaming\pcouffin.sys
2009-01-11 20:37 --------- d-----w c:\users\Vista\AppData\Roaming\LimeWire
2009-01-11 20:37 --------- d-----w c:\program files\NCH Swift Sound
2009-01-11 20:36 --------- d-----w c:\users\Vista\AppData\Roaming\NCH Swift Sound
2009-01-08 04:29 977 ----a-w c:\program files\Txt2Vobsub_Settings.ini
2009-01-02 21:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-31 12:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-29 23:51 --------- d-----w c:\program files\Dreamweaver
2008-12-29 04:29 --------- d-----w c:\users\Vista\AppData\Roaming\dvdcss
2008-12-25 09:45 --------- d-----w c:\program files\AviSynth 2.5
2008-12-25 07:16 --------- d-----w c:\users\Vista\AppData\Roaming\DAEMON Tools
2008-12-23 00:13 --------- d-----w c:\program files\Trend Micro
2008-12-23 00:09 --------- d-----w c:\programdata\Trend Micro
2008-12-22 11:09 --------- d-----w c:\users\Vista\AppData\Roaming\Nokia
2008-12-21 21:53 --------- d-----w c:\programdata\Installations
2008-12-21 21:53 --------- d-----w c:\program files\Nokia
2008-12-21 21:53 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-21 21:53 --------- d-----w c:\program files\Common Files\Nokia
2008-12-21 21:51 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-12 10:53 --------- d-----w c:\users\Vista\AppData\Roaming\Media Player Classic
2008-12-08 23:26 --------- d-----w c:\program files\Java
2008-12-05 06:57 --------- d-----w c:\program files\Adobe Photoshop
2008-12-03 13:06 --------- d-----w c:\program files\Pidgin
2008-12-03 13:06 --------- d-----w c:\program files\Common Files\GTK
2008-11-24 09:14 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 09:14 --------- d-----w c:\program files\iTunes
2008-11-24 09:14 --------- d-----w c:\program files\iPod
2008-11-24 09:14 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 09:12 --------- d-----w c:\program files\QuickTime
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-18 08:18 722,176 ----a-w c:\users\Vista\gotomypc_428.exe
2008-09-12 12:42 1,347,072 ----a-w c:\program files\Txt2VobSub.exe
2008-09-05 21:18 1,715 ----a-w c:\program files\sg_backup_2008-09-06-0618.spg
2008-09-04 02:32 1,715 ----a-w c:\program files\sg_backup_2008-09-04-1132.spg
2008-08-29 21:17 1,715 ----a-w c:\program files\sg_backup_2008-08-30-0617.spg
2008-08-15 13:32 1,715 ----a-w c:\program files\sg_backup_2008-08-15-2232.spg
2008-05-25 07:30 32 ----a-w c:\users\All Users\ezsid.dat
2008-05-25 07:30 32 ----a-w c:\programdata\ezsid.dat
2008-03-21 23:51 174 --sha-w c:\program files\desktop.ini
2008-03-02 00:11 1,721 ----a-w c:\program files\FirstBackup.spg
2008-02-04 01:54 398,488 ----a-w c:\program files\switchsetup.exe
2007-12-16 22:15 610,304 ----a-w c:\program files\TCPOptimizer.exe
2007-05-13 16:01 1,413,120 ----a-w c:\program files\winsockfix(2).exe
2008-05-25 09:36 8 --sh--r c:\windows\System32\DA135328D0.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 563984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam\Qcam.exe" [2008-08-14 2406160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-23 970808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MCE Tunes Extender Support"="c:\program files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe" [2007-11-13 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
c:\users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-09 3683824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]autocheck lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 18:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 18:44 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761222596-1403191366-214991424-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B216B66B-F51B-4A56-A2C3-194FE8716820}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9ECDCC38-E417-42C6-97F5-D4CB99693FBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7FA9F5AF-D342-4E46-BB4D-CEF9BA29C22E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0F926F84-A939-421A-A299-447EF9DB7D23}"= UDP:49152:Utorrent
"{1AAA4DEB-FEB8-46E8-B312-7984278715BD}"= TCP:49152:utorrent
"{78C23670-3BE8-4BE4-B576-A8F75DEB03C1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3C001CA9-DB67-478F-A752-071BBBBC4653}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E7C87C99-D816-45D6-A3B9-042BB05C3061}c:\\program files\\foldershare\\foldershare.exe"= UDP:c:\program files\foldershare\foldershare.exe:FolderShare
"UDP Query User{F539C203-274F-4AC1-B335-02A7856CA65E}c:\\program files\\foldershare\\foldershare.exe"= TCP:c:\program files\foldershare\foldershare.exe:FolderShare
"TCP Query User{1EF3BB52-2D61-4FA8-B42A-E89030731630}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{525969F4-44D2-4ADA-8310-10632A70A62C}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"TCP Query User{485C5A82-F77B-461C-8B8B-D7AB824120B9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{ABECFF1F-7928-42A7-A8C2-18B03ACA77D6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{B461BBFE-C7B2-47D8-AEA4-C166D7BB7C45}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{EBDA8E9D-66B1-4450-AE59-19CFB1633F31}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{22D0546B-CB65-49F2-A06B-356F633E9404}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D2DE96E-ED25-4337-80D6-8C2BCCEACDE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{151DF907-0AB4-41FA-8DBF-9041C1BF2554}"= UDP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{D3D42A59-441F-47D3-9E7B-CD8EAFF30CE1}"= TCP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{F4BD9734-77F1-48F9-9A0E-06D2211A7C76}"= UDP:g:\utorrent\utorrent.exe:µTorrent
"{888CAFB0-28E7-47D7-B1F0-12A9F5A778FA}"= TCP:g:\utorrent\utorrent.exe:µTorrent
"{BEF08F72-8A84-47FF-914A-775E0E89ACDF}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{BBA1D60C-384E-48E8-9138-548F7678ACFE}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"{D502EB84-B106-463E-B0B8-6F3C9E94C4EA}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{A8405F21-25E0-49D8-B9B1-4C8CA5BF075E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{607C305E-524F-43BA-A7D6-8BB7D89E5E5B}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= UDP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"UDP Query User{4A8AFC4D-D30E-4010-9FAA-3649A9F4869A}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= TCP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"TCP Query User{88FC65F3-4094-4007-9387-1C7D5D5B28DE}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe:
"UDP Query User{603D6C04-188F-42D8-8962-12037EB15FFE}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe:
"TCP Query User{88C2CD8B-A1C1-446B-BBFD-60CA56DCA558}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0A86D967-006B-40C8-AB0C-A5069889D60A}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{276E4ECA-B4A2-4B58-881A-619CB1CFFD97}"= UDP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"{329ECABE-B5EE-480F-988C-9E62602E27A3}"= TCP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"TCP Query User{F800C4E4-A6A6-4053-8E5C-684FBC9BA9C7}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{9E87F8AF-8CD1-48AB-A058-C48595E6FBD9}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A1021C89-3608-4860-9A3E-90CC01938D30}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{234A8D2D-8936-4488-8E9F-F4905651EE80}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C9BAD34B-F985-44B3-94D3-989F38B556F2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5E1CD267-5F28-4A60-AA85-040F84E527FE}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6F9B8D66-86AC-4CF1-88FD-4E39D5877920}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{FFD47436-C599-45C2-B387-798802ACF0FA}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{8DC3A4E8-2C39-4601-999E-339EBFA335F9}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe:
"UDP Query User{8112E52F-3978-4B17-BA2C-9DEC61B53729}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe:
"{0BA494E6-3CD2-4BA0-A1D4-6A67DA384E3D}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{0B48C81D-E2F7-4C2C-88B7-7275466B9D97}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"TCP Query User{8A2EC43E-ABB4-4599-92F7-27A1138F88A8}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= UDP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"UDP Query User{8676ACC1-9EEB-4794-B875-78E5256952D6}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= TCP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"{AEC46CE6-8055-4D29-86B5-471655056878}"= UDP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{F5CC849A-F237-4CC9-894E-910C5AB4FB1A}"= TCP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{3FACC12B-40A0-42FD-92CE-19090CD8EBF7}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D3171D72-599E-4FC3-AEEE-6061398684BC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{CB20A671-5F69-4304-A7A2-11EED617AD6F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{6FD7C3E5-0F89-4633-A3D1-58B290D66C72}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{2BC55FC6-8B53-41BE-B0B5-4E9A7DDCB2F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{21FB5244-2FEE-428E-AD9A-729E20E48119}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7865576A-85F4-41B0-9F82-660C36F0E2C7}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{321909A0-D8AD-4F43-8617-71A675CF3C30}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{C69A8D74-337A-4DF8-91D3-E75B4E6A4E7E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{936D87C5-64EE-4E6B-AC54-E69021701E47}"= UDP:f:\utorrent\utorrent.exe:µTorrent (TCP-In)
"{E49224BE-F975-4897-8CFF-C2D501B8D65B}"= TCP:f:\utorrent\utorrent.exe:µTorrent (UDP-In)
"{03E32A78-916E-48C1-AA9B-2A9D6BC860FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D8A968-C6F2-48B4-AF1D-297BA2BBFF4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CFA8FB4C-D5D2-4072-9B9F-DA8A611DBD1C}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{869A7164-F357-41E3-B8A7-831042B38F89}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{11AEFD2D-8731-411D-A546-F42B7ACA051D}"= TCP:1041:Transcode 360
"{E95BAD62-41FB-4203-B962-23F1A4DB4762}"= TCP:10244:Transcode 360
"TCP Query User{5CB84706-3111-429E-A496-51C79B1DB27D}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{AF2C2758-8EEC-450B-B4F1-A2076E6663DC}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"{0660ECFF-1142-494B-B0EB-CC627DC2EF45}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{1BBA5738-BDE2-496D-A743-C46C568E8EAB}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{9C32DD41-0808-42EE-BE8F-34CA81B38F4B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2731A37-989E-4EEE-B937-E406EE24CF3A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{806BF5A3-4E34-4080-9604-BF4A1B6AD826}"= UDP:5353:Adobe CSI CS4
"{2D71730A-3EB4-44B1-965C-B03F14C806D9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{50EA2307-718C-4D53-8B12-C8F35C742B93}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [2007-08-18 252152]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2008-12-23 145424]
R3 HabuFltr;Habu Mouse;c:\windows\System32\drivers\habu.sys [2006-10-23 27776]
R3 Pxrmcet;Pxrmcet;c:\windows\System32\drivers\Pxrmcet.sys [2007-11-13 15104]
R4 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R4 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-12-23 36368]
R4 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2008-12-23 256528]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-02-08 240128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-23 38496]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-06-27 335872]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-12-23 181584]
S4 SessionLauncher;SessionLauncher;c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S4 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2008-12-23 49680]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-23 492888]
S4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-23 677128]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a25499-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\pagefiles.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254a1-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254aa-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ca94cb-fe90-11d5-850d-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\Assetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}]
c:\windows\system32\svchosts.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-01-23 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
2009-01-23 c:\windows\Tasks\User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 16:33]
.
- - - - ORPHANS REMOVED - - - -
BHO-{5BE92300-3F82-4DE0-8813-86017B4228C6} - c:\windows\system32\gebyAqpm.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-DMXLauncher - c:\program files\Roxio\CinePlayer\DMXLauncher.exe
MSConfigStartUp-FolderShare - c:\program files\FolderShare\FolderShare.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
MSConfigStartUp-Windows Live FolderShare - c:\users\Vista\AppData\Local\FolderShare\FolderShare.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0} = 192.168.3.1
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
FF - ProfilePath - c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\
FF - prefs.js: browser.search.selectedEngine - Mininova
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:05:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\No-IP\DUC20.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Transcode360\Transcode360.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\program files\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe
c:\program files\Proxure\MCE Tunes Pro\ProxureQTHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-23 22:12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 13:12:25
Pre-Run: 61,692,874,752 bytes free
Post-Run: 66,965,561,344 bytes free
426 --- E O F --- 2009-01-15 04:19:09
You did very well fixing the connection problem, excellent.
Looks like you didn't let MalwareBytes take action or delete those 3 Vundo files found; you need to let it delete them.
Did you run ComboFix 3 times?
After that problem, I'm not sure if you'd like to run ComboFix again, but if you're game to run it again, then use this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\System32\ssqRLFus.dll
c:\windows\System32\eFwVOeFv.dll
FileLook::
c:\windows\msiUpdate.exe
DirLook::
c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\windows\System32\Service
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}]
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
Or scan with MalwareBytes again and let it remove all threats found, or you can also delete them manually.
c:\windows\System32\ssqRLFus.dll
c:\windows\System32\eFwVOeFv.dll
and this reg entry below is bad, it's pointing to a bad file.
HKEY_LOCAL_MACHINE\softwar e\microsof t\active setup\installed components\{3520B2D6-3492- EEFD-AE4A- 78731E2FE2 7C}]
G:\pagefiles.exe <-- did you created this file in one of your USB/external drive?
In explorer, please check the properties of these files and folders and see what their info say. You can also submit the files for online check at http://virusscan.jotti.org/
c:\windows\msiUpdate.exe
c:\windows\System32\DA1353 28D0.sys
c:\windows\System32\driver s\Pxrmcet. sys
c:\users\All Users\{83C91755-2546-441D- AC40-9A6B4 B860800}
c:\programdata\{83C91755-2 546-441D-A C40-9A6B4B 860800}
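The FileLook:: directive in the script above makes ComboFix print a file's version-resource fields, the same information the Explorer properties check looks at. As an added example (not part of the original thread and not ComboFix's own code), this Python sketch parses such blocks from a log and flags two things worth a second look; the sample log text, paths and hashes are constructed, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in the layout ComboFix prints for FileLook:: and
# DirLook:: targets. Paths, names and hashes are made up for illustration.
SAMPLE_LOOK = r"""
---- c:\windows\exampleUpdate.exe ----
Company:
File Description:
File Version: 1.0.0.5
Product Name:
Copyright: Copyright c 2008
Original file name: otherthing.exe
MD5: 00000000000000000000000000000000
---- c:\program files\Example Vendor\tool.exe ----
Company: Example Vendor Inc.
File Description: Example Tool
File Version: 2.1.0.0
Product Name: Example Tool
Copyright: (c) Example Vendor
Original file name: tool.exe
MD5: 11111111111111111111111111111111
---- Directory of c:\programdata\{00000000-0000-0000-0000-000000000000} ----
c:\programdata\{00000000-0000-0000-0000-000000000000}\
"""

HEADER = re.compile(r"^---- (?P<path>.+?) ----$")
FIELD = re.compile(r"^(?P<key>[A-Za-z0-9 ]+):[ \t]*(?P<value>.*)$")
KNOWN_FIELDS = {
    "Company", "File Description", "File Version", "Product Name",
    "Copyright", "Original file name", "MD5",
}


def parse_look(text):
    """Return one dict per file block: {'path': ..., 'fields': {...}}."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            path = header.group("path")
            if path.lower().startswith("directory of "):
                current = None  # DirLook:: listing, not a file block
            else:
                current = {"path": path, "fields": {}}
                entries.append(current)
            continue
        if current is None:
            continue
        field = FIELD.match(line)
        # Only accept the known field names so that drive-letter lines
        # such as "c:\..." are never mistaken for "key: value".
        if field and field.group("key").strip() in KNOWN_FIELDS:
            key = field.group("key").strip()
            current["fields"][key] = field.group("value").strip()
    return entries


def triage(entry):
    """Return the reasons this file deserves a hash lookup or manual review."""
    fields = entry["fields"]
    findings = []
    if not any(fields.get(k) for k in ("Company", "Product Name", "File Description")):
        findings.append("version resource names no company, product or description")
    original = fields.get("Original file name", "")
    on_disk = ntpath.basename(entry["path"])
    if original and original.lower() != on_disk.lower():
        findings.append(
            f"original file name {original!r} differs from on-disk name {on_disk!r}"
        )
    return findings


def report(text):
    """Map each file path in the Look section to its list of findings."""
    return {entry["path"]: triage(entry) for entry in parse_look(text)}


if __name__ == "__main__":
    for path, findings in report(SAMPLE_LOOK).items():
        print(path, "->", findings or "nothing flagged")
```

Neither finding proves a file is malicious; they mark which files to hash and submit to an online scanner first.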
ASKER
Deleted this key
HKEY_LOCAL_MACHINE\softwar
No problems found
c:\windows\msiUpdate.exe
c:\windows\System32\driver
Could not find these files
c:\windows\System32\DA1353
c:\users\All Users\{83C91755-2546-441D-
c:\programdata\{83C91755-2
c:\windows\System32\ssqRLF
c:\windows\System32\eFwVOe
nothing in G drive. Says please insert disc into drive.
G:\pagefiles.exe <-- did you created this file in one of your USB/external drive?
How do I get rid of that message saying "1sdelete program not found skipping autocheck" that appears just before my Vista log in screen?
running combofix again. I'll update the logs when it's done
ASKER
combofix.txt This time it didn't restart my PC and no internet trouble. Much better
ComboFix 09-01-21.04 - Vista 2009-01-24 13:18:08.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3326.2052 [GMT 9:00]
Running from: c:\users\Vista\Desktop\ComboFix.exe
Command switches used :: c:\users\Vista\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\System32\eFwVOeFv.dll
c:\windows\System32\ssqRLFus.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-23 21:38 . 2009-01-23 21:38 <DIR> d-------- c:\users\Vista\AppData\Roaming\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 21:37 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 21:37 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Videos
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> d-------- c:\users\Mcx1\Saved Games
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Pictures
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Music
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Links
2009-01-22 20:04 . 2006-11-02 19:23 <DIR> dr------- c:\users\Mcx1\Downloads
2009-01-22 20:04 . 2009-01-22 20:04 <DIR> dr------- c:\users\Mcx1\Documents
2009-01-22 20:04 . 2009-01-22 20:05 <DIR> d--h----- c:\users\Mcx1\AppData
2009-01-22 20:04 . 2009-01-22 20:04 <DIR> d-------- c:\users\Mcx1
2009-01-20 21:51 . 2009-01-22 20:07 <DIR> d-------- c:\users\All Users\LightScribe
2009-01-20 21:51 . 2009-01-22 20:07 <DIR> d-------- c:\programdata\LightScribe
2009-01-20 21:23 . 2009-01-20 21:23 4,767 --a------ c:\windows\Irremote.ini
2009-01-20 20:53 . 2009-01-20 20:53 <DIR> d-------- c:\program files\Common Files\LightScribe
2009-01-20 20:24 . 2008-02-28 14:26 1,414,440 --a------ c:\windows\System32\ShellManager310E2D762.dll
2009-01-20 20:24 . 2008-02-28 14:01 774,144 --a------ c:\windows\System32\NEROINSTAEC43759.DB
2009-01-20 16:34 . 2009-01-20 16:34 <DIR> d-------- c:\users\All Users\EPSON
2009-01-20 16:34 . 2009-01-20 16:34 <DIR> d-------- c:\programdata\EPSON
2009-01-20 16:33 . 2007-12-07 02:08 86,528 --a------ c:\windows\System32\E_FLBADJ.DLL
2009-01-20 16:33 . 2007-12-07 02:01 78,848 --a------ c:\windows\System32\E_FD4BADJ.DLL
2009-01-20 16:33 . 2004-09-10 20:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL
2009-01-15 10:01 . 2008-12-16 11:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-15 08:08 . 2009-01-21 10:09 22,528 --a------ c:\windows\msiUpdate.exe
2009-01-12 19:50 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2009-01-12 19:50 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2009-01-12 19:50 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2009-01-10 13:54 . 2008-12-08 03:08 795,648 --a------ c:\windows\System32\xvidcore.dll
2009-01-10 13:54 . 2008-12-08 03:08 130,048 --a------ c:\windows\System32\xvidvfw.dll
2009-01-06 22:45 . 2009-01-06 22:45 <DIR> d-------- c:\program files\Earth
2009-01-03 19:08 . 2009-01-10 13:54 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-02 21:12 . 2009-01-02 21:12 <DIR> d-------- c:\users\All Users\FLEXnet
2009-01-02 21:12 . 2009-01-02 21:12 <DIR> d-------- c:\programdata\FLEXnet
2009-01-02 20:59 . 2009-01-03 06:42 <DIR> d-------- c:\users\All Users\Adobe
2009-01-01 09:51 . 2009-01-01 09:51 81,920 --a------ c:\users\Vista\AppData\Roaming\ezpinst.exe
2008-12-31 16:38 . 2008-12-31 16:38 <DIR> d-------- c:\program files\Domain Software
2008-12-29 20:18 . 2008-12-29 20:18 <DIR> d-------- c:\program files\Common Files\Logicool
2008-12-29 20:10 . 2009-01-23 22:16 <DIR> d-------- c:\windows\System32\Service
2008-12-29 17:02 . 2009-01-01 10:13 <DIR> d-------- c:\users\All Users\DVD Shrink
2008-12-29 17:02 . 2009-01-01 10:13 <DIR> d-------- c:\programdata\DVD Shrink
2008-12-29 17:02 . 2008-12-29 17:02 <DIR> d-------- c:\program files\DVD Shrink
2008-12-29 16:56 . 2008-12-29 16:56 <DIR> d-------- c:\program files\DVD Decrypter
2008-12-25 21:13 . 2008-12-25 21:36 <DIR> d-------- C:\OutputFolder
2008-12-25 21:12 . 2008-12-25 21:13 <DIR> d-------- c:\program files\Allok Video Joiner
2008-12-25 21:12 . 2007-04-12 14:19 129,024 --a------ c:\windows\System32\AVERM.dll
2008-12-25 21:12 . 2006-09-26 13:57 28,672 --a------ c:\windows\System32\AVEQT.dll
2008-12-25 21:05 . 2008-12-25 21:05 <DIR> d-------- C:\VideoOutput
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\Vista\AppData\Roaming\DAEMON Tools Pro
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 04:15 --------- d-----w c:\users\Vista\AppData\Roaming\Skype
2009-01-24 03:50 --------- d-----w c:\users\Vista\AppData\Roaming\skypePM
2009-01-23 23:43 --------- d-----w c:\program files\Transcode360
2009-01-23 23:43 --------- d-----w c:\program files\Steam
2009-01-23 23:42 34,408 ----a-w c:\windows\system32\drivers\stwrte.log
2009-01-23 23:42 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-23 23:41 --------- d-----w c:\users\Vista\AppData\Roaming\uTorrent
2009-01-23 22:54 --------- d-----w c:\programdata\Google Updater
2009-01-23 11:20 --------- d-----w c:\programdata\Lavasoft
2009-01-21 13:08 --------- d-----w c:\program files\CCleaner
2009-01-20 13:17 17,192,960 ----a-w c:\windows\System32\imageres.dll
2009-01-20 12:51 --------- d-----w c:\users\Vista\AppData\Roaming\Nero
2009-01-20 12:49 --------- d-----w c:\program files\Nero
2009-01-20 12:34 --------- d-----w c:\program files\Common Files\Nero
2009-01-20 12:13 --------- d-----w c:\programdata\Nero
2009-01-20 07:18 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 23:22 --------- d-----w c:\users\Vista\AppData\Roaming\.purple
2009-01-15 04:19 --------- d-----w c:\program files\Windows Mail
2009-01-15 04:18 --------- d-----w c:\programdata\Microsoft Help
2009-01-12 11:27 --------- d-----w c:\users\Vista\AppData\Roaming\Vso
2009-01-12 10:50 --------- d-----w c:\program files\VSO
2009-01-12 10:49 47,360 ----a-w c:\users\Vista\AppData\Roaming\pcouffin.sys
2009-01-11 20:37 --------- d-----w c:\users\Vista\AppData\Roaming\LimeWire
2009-01-11 20:37 --------- d-----w c:\program files\NCH Swift Sound
2009-01-11 20:36 --------- d-----w c:\users\Vista\AppData\Roaming\NCH Swift Sound
2009-01-08 04:29 977 ----a-w c:\program files\Txt2Vobsub_Settings.ini
2009-01-02 21:31 --------- d-----w c:\program files\Common Files\Adobe
2009-01-02 06:06 3,192 ----a-w c:\windows\System32\KGyGaAvL.sys
2008-12-31 12:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-29 23:51 --------- d-----w c:\program files\Dreamweaver
2008-12-29 04:29 --------- d-----w c:\users\Vista\AppData\Roaming\dvdcss
2008-12-28 22:48 2,330,643 ----a-w c:\windows\System32\x264vfw.dll
2008-12-25 09:45 --------- d-----w c:\program files\AviSynth 2.5
2008-12-25 07:16 --------- d-----w c:\users\Vista\AppData\Roaming\DAEMON Tools
2008-12-23 00:13 --------- d-----w c:\program files\Trend Micro
2008-12-23 00:09 --------- d-----w c:\programdata\Trend Micro
2008-12-23 00:05 80,400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2008-12-23 00:05 50,192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2008-12-23 00:05 49,680 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2008-12-23 00:05 256,528 ----a-w c:\windows\system32\drivers\tmwfp.sys
2008-12-23 00:05 145,424 ----a-w c:\windows\system32\drivers\tmlwf.sys
2008-12-23 00:05 144,912 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-12-22 11:09 --------- d-----w c:\users\Vista\AppData\Roaming\Nokia
2008-12-21 21:53 --------- d-----w c:\programdata\Installations
2008-12-21 21:53 --------- d-----w c:\program files\Nokia
2008-12-21 21:53 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-21 21:53 --------- d-----w c:\program files\Common Files\Nokia
2008-12-21 21:51 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-12 10:53 --------- d-----w c:\users\Vista\AppData\Roaming\Media Player Classic
2008-12-08 23:26 --------- d-----w c:\program files\Java
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-05 06:57 --------- d-----w c:\program files\Adobe Photoshop
2008-12-03 13:06 --------- d-----w c:\program files\Pidgin
2008-12-03 13:06 --------- d-----w c:\program files\Common Files\GTK
2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys
2008-11-24 09:14 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 09:14 --------- d-----w c:\program files\iTunes
2008-11-24 09:14 --------- d-----w c:\program files\iPod
2008-11-24 09:14 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 09:12 --------- d-----w c:\program files\QuickTime
2008-11-19 12:39 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-09 20:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-27 01:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 01:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 01:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 01:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-18 08:18 722,176 ----a-w c:\users\Vista\gotomypc_428.exe
2008-09-12 12:42 1,347,072 ----a-w c:\program files\Txt2VobSub.exe
2008-09-05 21:18 1,715 ----a-w c:\program files\sg_backup_2008-09-06-0618.spg
2008-09-04 02:32 1,715 ----a-w c:\program files\sg_backup_2008-09-04-1132.spg
2008-08-29 21:17 1,715 ----a-w c:\program files\sg_backup_2008-08-30-0617.spg
2008-08-15 13:32 1,715 ----a-w c:\program files\sg_backup_2008-08-15-2232.spg
2008-05-25 07:30 32 ----a-w c:\users\All Users\ezsid.dat
2008-05-25 07:30 32 ----a-w c:\programdata\ezsid.dat
2008-03-21 23:51 174 --sha-w c:\program files\desktop.ini
2008-03-02 00:11 1,721 ----a-w c:\program files\FirstBackup.spg
2008-02-04 01:54 398,488 ----a-w c:\program files\switchsetup.exe
2007-12-16 22:15 610,304 ----a-w c:\program files\TCPOptimizer.exe
2007-05-13 16:01 1,413,120 ----a-w c:\program files\winsockfix(2).exe
2008-05-25 09:36 8 --sh--r c:\windows\System32\DA135328D0.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- c:\windows\msiUpdate.exe ----
Company:
File Description:
File Version: 1.0.0.5
Product Name:
Copyright: Copyright c 2008
Original file name: groupmanager.exe
MD5: 5a8afbb2e1816b29325dd2eb1b2ef9a1
---- Directory of c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} ----
c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\
---- Directory of c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800} ----
c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}\
---- Directory of c:\windows\System32\Service ----
2009-01-23 23:50 2784 --a------ c:\windows\System32\Service\23012009_TIS17_SfFniAU.log
2009-01-20 15:48 928 --a------ c:\windows\System32\Service\20012009_TIS17_SfFniAU.log
2008-12-29 20:10 928 --a------ c:\windows\System32\Service\29122008_TIS17_SfFniAU.log
((((((((((((((((((((((((((((( snapshot@2009-01-23_22.08.15.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-23 13:03:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-23 23:42:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-23 13:03:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-23 23:42:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-23 13:04:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 23:43:18 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 23:43:18 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-23 13:04:59 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 23:44:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 23:44:32 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-23 11:12:19 16,384 ------w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 04:14:39 16,384 ------w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-23 11:12:19 49,152 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 04:14:39 49,152 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-23 11:12:19 16,384 ------w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 04:14:39 16,384 ------w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-23 11:30:59 123,536 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-24 02:36:37 123,536 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-23 11:30:59 123,536 ----a-w c:\windows\System32\perfc011.dat
+ 2009-01-24 02:36:37 123,536 ----a-w c:\windows\System32\perfc011.dat
- 2009-01-23 11:30:59 653,826 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-24 02:36:37 653,826 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-23 11:30:59 435,912 ----a-w c:\windows\System32\perfh011.dat
+ 2009-01-24 02:36:37 435,912 ----a-w c:\windows\System32\perfh011.dat
- 2009-01-23 13:05:47 12,066 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761222596-1403191366-214991424-1000_UserData.bin
+ 2009-01-23 23:45:02 12,318 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761222596-1403191366-214991424-1000_UserData.bin
- 2009-01-23 13:05:47 93,194 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 23:45:02 93,714 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-23 11:26:35 61,816 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 23:45:00 62,104 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 23:25:24 109,080 ----a-w c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 563984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam\Qcam.exe" [2008-08-14 2406160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-23 970808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MCE Tunes Extender Support"="c:\program files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe" [2007-11-13 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
c:\users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-09 3683824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 18:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 18:44 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761222596-1403191366-214991424-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B216B66B-F51B-4A56-A2C3-194FE8716820}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9ECDCC38-E417-42C6-97F5-D4CB99693FBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7FA9F5AF-D342-4E46-BB4D-CEF9BA29C22E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0F926F84-A939-421A-A299-447EF9DB7D23}"= UDP:49152:Utorrent
"{1AAA4DEB-FEB8-46E8-B312-7984278715BD}"= TCP:49152:utorrent
"{78C23670-3BE8-4BE4-B576-A8F75DEB03C1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3C001CA9-DB67-478F-A752-071BBBBC4653}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E7C87C99-D816-45D6-A3B9-042BB05C3061}c:\\program files\\foldershare\\foldershare.exe"= UDP:c:\program files\foldershare\foldershare.exe:FolderShare
"UDP Query User{F539C203-274F-4AC1-B335-02A7856CA65E}c:\\program files\\foldershare\\foldershare.exe"= TCP:c:\program files\foldershare\foldershare.exe:FolderShare
"TCP Query User{1EF3BB52-2D61-4FA8-B42A-E89030731630}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{525969F4-44D2-4ADA-8310-10632A70A62C}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"TCP Query User{485C5A82-F77B-461C-8B8B-D7AB824120B9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{ABECFF1F-7928-42A7-A8C2-18B03ACA77D6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{B461BBFE-C7B2-47D8-AEA4-C166D7BB7C45}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{EBDA8E9D-66B1-4450-AE59-19CFB1633F31}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{22D0546B-CB65-49F2-A06B-356F633E9404}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D2DE96E-ED25-4337-80D6-8C2BCCEACDE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{151DF907-0AB4-41FA-8DBF-9041C1BF2554}"= UDP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{D3D42A59-441F-47D3-9E7B-CD8EAFF30CE1}"= TCP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{F4BD9734-77F1-48F9-9A0E-06D2211A7C76}"= UDP:g:\utorrent\utorrent.exe:µTorrent
"{888CAFB0-28E7-47D7-B1F0-12A9F5A778FA}"= TCP:g:\utorrent\utorrent.exe:µTorrent
"{BEF08F72-8A84-47FF-914A-775E0E89ACDF}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{BBA1D60C-384E-48E8-9138-548F7678ACFE}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"{D502EB84-B106-463E-B0B8-6F3C9E94C4EA}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{A8405F21-25E0-49D8-B9B1-4C8CA5BF075E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{607C305E-524F-43BA-A7D6-8BB7D89E5E5B}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= UDP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"UDP Query User{4A8AFC4D-D30E-4010-9FAA-3649A9F4869A}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= TCP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"TCP Query User{88FC65F3-4094-4007-9387-1C7D5D5B28DE}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe:
"UDP Query User{603D6C04-188F-42D8-8962-12037EB15FFE}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe:
"TCP Query User{88C2CD8B-A1C1-446B-BBFD-60CA56DCA558}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0A86D967-006B-40C8-AB0C-A5069889D60A}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{276E4ECA-B4A2-4B58-881A-619CB1CFFD97}"= UDP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"{329ECABE-B5EE-480F-988C-9E62602E27A3}"= TCP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"TCP Query User{F800C4E4-A6A6-4053-8E5C-684FBC9BA9C7}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{9E87F8AF-8CD1-48AB-A058-C48595E6FBD9}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A1021C89-3608-4860-9A3E-90CC01938D30}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{234A8D2D-8936-4488-8E9F-F4905651EE80}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C9BAD34B-F985-44B3-94D3-989F38B556F2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5E1CD267-5F28-4A60-AA85-040F84E527FE}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6F9B8D66-86AC-4CF1-88FD-4E39D5877920}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{FFD47436-C599-45C2-B387-798802ACF0FA}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{8DC3A4E8-2C39-4601-999E-339EBFA335F9}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe:
"UDP Query User{8112E52F-3978-4B17-BA2C-9DEC61B53729}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe:
"{0BA494E6-3CD2-4BA0-A1D4-6A67DA384E3D}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{0B48C81D-E2F7-4C2C-88B7-7275466B9D97}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"TCP Query User{8A2EC43E-ABB4-4599-92F7-27A1138F88A8}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= UDP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"UDP Query User{8676ACC1-9EEB-4794-B875-78E5256952D6}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= TCP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"{AEC46CE6-8055-4D29-86B5-471655056878}"= UDP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{F5CC849A-F237-4CC9-894E-910C5AB4FB1A}"= TCP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{3FACC12B-40A0-42FD-92CE-19090CD8EBF7}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D3171D72-599E-4FC3-AEEE-6061398684BC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{CB20A671-5F69-4304-A7A2-11EED617AD6F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{6FD7C3E5-0F89-4633-A3D1-58B290D66C72}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{2BC55FC6-8B53-41BE-B0B5-4E9A7DDCB2F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{21FB5244-2FEE-428E-AD9A-729E20E48119}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7865576A-85F4-41B0-9F82-660C36F0E2C7}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{321909A0-D8AD-4F43-8617-71A675CF3C30}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{C69A8D74-337A-4DF8-91D3-E75B4E6A4E7E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{936D87C5-64EE-4E6B-AC54-E69021701E47}"= UDP:f:\utorrent\utorrent.exe:µTorrent (TCP-In)
"{E49224BE-F975-4897-8CFF-C2D501B8D65B}"= TCP:f:\utorrent\utorrent.exe:µTorrent (UDP-In)
"{03E32A78-916E-48C1-AA9B-2A9D6BC860FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D8A968-C6F2-48B4-AF1D-297BA2BBFF4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CFA8FB4C-D5D2-4072-9B9F-DA8A611DBD1C}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{869A7164-F357-41E3-B8A7-831042B38F89}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{11AEFD2D-8731-411D-A546-F42B7ACA051D}"= TCP:1041:Transcode 360
"{E95BAD62-41FB-4203-B962-23F1A4DB4762}"= TCP:10244:Transcode 360
"TCP Query User{5CB84706-3111-429E-A496-51C79B1DB27D}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{AF2C2758-8EEC-450B-B4F1-A2076E6663DC}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"{0660ECFF-1142-494B-B0EB-CC627DC2EF45}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{1BBA5738-BDE2-496D-A743-C46C568E8EAB}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{9C32DD41-0808-42EE-BE8F-34CA81B38F4B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2731A37-989E-4EEE-B937-E406EE24CF3A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{806BF5A3-4E34-4080-9604-BF4A1B6AD826}"= UDP:5353:Adobe CSI CS4
"{2D71730A-3EB4-44B1-965C-B03F14C806D9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{50EA2307-718C-4D53-8B12-C8F35C742B93}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [2007-08-18 252152]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2008-12-23 145424]
R3 HabuFltr;Habu Mouse;c:\windows\System32\drivers\habu.sys [2006-10-23 27776]
R3 Pxrmcet;Pxrmcet;c:\windows\System32\drivers\Pxrmcet.sys [2007-11-13 15104]
R4 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R4 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-12-23 36368]
R4 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2008-12-23 256528]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-02-08 240128]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-06-27 335872]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-12-23 181584]
S4 SessionLauncher;SessionLauncher;c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S4 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2008-12-23 49680]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-23 492888]
S4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-23 677128]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a25499-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\pagefiles.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254a1-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254aa-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ca94cb-fe90-11d5-850d-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\Assetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-01-23 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
2009-01-24 c:\windows\Tasks\User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 16:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
FF - ProfilePath - c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\0x3drx7z.New Age 1-2009\
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\0x3drx7z.New Age 1-2009\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 13:19:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2420)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\ObjectDock\Docklets\menuhook.func
.
Completion time: 2009-01-24 13:21:45
ComboFix-quarantined-files.txt 2009-01-24 04:21:43
ComboFix2.txt 2009-01-23 13:12:40
Pre-Run: 63,810,924,544 bytes free
Post-Run: 63,562,825,728 bytes free
436 --- E O F --- 2009-01-15 04:19:09
Looks like you've uninstalled Ad-Aware.
Navigate to this registry:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
On the right pane you can double-click on BootExecute and modify the data, and delete this data --> + autocheck lsdelete
Mine is just the default --> autocheck autochk *
ASKER
I have currentcontrolset 001 and 003
ASKER
Neither of them contains BootExecute
ASKER
Combofix log look OK? Nothing else hiding anywhere I need to search for?
ASKER
Can I delete the file Qoobox which contains the quarantine folder?
ASKER
Reinstalled Ad-Aware, same message appears on startup
ASKER
I am encountering the message vssvc.exe is trying to make changes to the startup area of the registry. Is this OK? Never seen it before
>>>I have currentcontrolset 001 and 003
Just "currentcontrolset" without any numbers.
And no, please do not delete the Qoobox folder yet; it will be deleted when you uninstall combofix. I don't see any obvious malicious files in the log, beside that suspicious "msiUpdate.exe" and the others which you said were okay.
Do you recognize all of the installed programs showing in the log?
vssvc.exe <-- in system32 folder is legit
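An added example, not part of the original replies: a read-only PowerShell check of the BootExecute value discussed above, run against CurrentControlSet and each numbered ControlSetNNN so the two can be compared. It assumes an elevated PowerShell prompt on the affected machine; the variable names and output columns are illustrative.

```powershell
# Added example: read-only audit of BootExecute in every control set.
# Assumption: run from an elevated PowerShell prompt on the machine in question.

# Stock value, as quoted in the reply above ("autocheck autochk *").
$default = @('autocheck autochk *')

# HKLM\SYSTEM\Select\Current holds the number N of the set in use;
# CurrentControlSet is a link to ControlSet00N, not a separate copy.
$current = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select').Current
$liveSet = 'ControlSet{0:D3}' -f [int]$current

$numbered = @(Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName })

foreach ($set in @('CurrentControlSet') + $numbered) {
    # BootExecute is a value (right pane in regedit) of the Session Manager key.
    $key  = "HKLM:\SYSTEM\$set\Control\Session Manager"
    $prop = Get-ItemProperty -Path $key -Name BootExecute -ErrorAction SilentlyContinue

    # REG_MULTI_SZ comes back as a string array; drop empty strings.
    $entries = @()
    if ($prop) { $entries = @($prop.BootExecute | Where-Object { $_ -and $_.Trim() }) }

    [pscustomobject]@{
        ControlSet = $set
        InUse      = ($set -eq 'CurrentControlSet' -or $set -eq $liveSet)
        Present    = [bool]$prop
        Entries    = $entries -join ' | '
        # Anything beyond the stock entry is what the reply asks you to review.
        NonDefault = @($entries | Where-Object { $default -notcontains $_.Trim() }) -join ' | '
    }
}
```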
ASKER
I RAN A REG KEY CLEANER AND GOT RID OF THE MESSAGE. REINSTALLED ADAWARE AND SO FAR THINGS LOOK OK. ANYTHING ELSE I SHOULD DO?
Good job, I guess that's it.
You can then uninstall Combofix. The process will delete its backup and will also reset System Restore, but will create one restore point.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' the next command in the field:
ComboFix /u
ASKER
Well, once again, thank you! You saved me last time and you saved me again this time! Like a superhero of virus fighting. Always arrive on the scene whenever help is needed. Many thanks!
ASKER
Wonderful instructions. Very easy to follow. Very thorough.
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-8
I would also try out Autoruns from Microsoft/Sysinternals to see if you have any other rogue processes running at startup:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
If you have your Vista installation media, I would try running this command to restore any corrupted Windows protected files:
sfc /scannow