samhfoley

asked on

Explorer.exe crashes....I am having deja vu

I am having an issue with msiupdater.exe; I think that's the root of this. Not sure. My Trend Micro scanner is stalling out at 75%, and whenever I try to access C:\Windows, explorer.exe crashes and I have to restart it via Task Manager. I have included a HijackThis log. Let me know if you have any suggestions. Thanks.

Running Windows Vista Ultimate
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:05 PM, on 1/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Proxure\MCE Tunes Pro\ProxureQTHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Utorrent\utorrent.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam\Qcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [svchosts] C:\Windows\system32\svchosts.exe
O4 - HKLM\..\Run: [GroupManager] C:\Windows\msiUpdate.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRLFus.dll,#1
O4 - HKLM\..\RunOnce: [MCE Tunes Extender Support] "C:\Program Files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}: NameServer = 192.168.3.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Transcoding and Broadcast Service (Transcode360) - Unknown owner - C:\Program Files\Transcode360\Transcode360.exe
 
--
End of file - 11983 bytes


ACollyer

This line looks quite suspicious:
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll

I would also try out Autoruns from Microsoft/Sysinternals to see if you have any other rogue processes running at startup:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

If you have your Vista installation media, I would try running this command to restore any corrupted Windows protected files:
sfc /scannow
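
The by-eye triage in the reply above, as an added example that is not part of the thread and not a HijackThis or Autoruns feature: a small Python pass over O2 (BHO) and O4 (autostart) lines from the posted log. The heuristics, constants and function names are assumptions chosen for illustration; a hit is a reason to check the file's publisher and signature in Autoruns, not a verdict.

```python
import difflib
import ntpath
import re

# Excerpt of the HijackThis log posted in the question (O2 = BHOs, O4 = autostarts).
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svchosts] C:\Windows\system32\svchosts.exe
O4 - HKLM\..\Run: [GroupManager] C:\Windows\msiUpdate.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRLFus.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# Assumed heuristics for this example (review leads, not proof of infection).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
CORE_NAMES = ["svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
              "winlogon.exe", "services.exe", "smss.exe"]
NO_NAME = "BHO has no name"
IN_SYSTEM_DIR = "target sits directly in a Windows directory; check its publisher"
BY_ORDINAL = "rundll32 calls the DLL by export ordinal"
LOOKALIKE = "file name imitates "

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - .+?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>.+?),(?P<export>\S+)', re.I)
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.I)
# HijackThis appends these annotations to some lines; drop them before parsing.
SUFFIX_RE = re.compile(r"\s+\((?:file missing|User '[^']*')\)$")


def path_reasons(path):
    """Checks that depend only on where the file lives and what it is called."""
    reasons = []
    folder = ntpath.dirname(path).lower()
    name = ntpath.basename(path).lower()
    if folder in SYSTEM_DIRS:
        reasons.append(IN_SYSTEM_DIR)
    close = difflib.get_close_matches(name, CORE_NAMES, n=1, cutoff=0.85)
    if close and name not in CORE_NAMES:
        reasons.append(LOOKALIKE + close[0])
    return reasons


def triage(log_text):
    """Return [(target path, [reasons])] for O2/O4 entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = SUFFIX_RE.sub("", raw.strip())
        reasons = []
        bho = O2_RE.match(line)
        if bho:
            target = bho.group("path")
            if bho.group("name") == "(no name)":
                reasons.append(NO_NAME)
        else:
            run = O4_RE.match(line)
            if not run:
                continue  # other sections are out of scope for this example
            cmd = run.group("cmd")
            dll = RUNDLL_RE.match(cmd)
            if dll:
                target = dll.group("dll").strip('"')
                if dll.group("export").startswith("#"):
                    reasons.append(BY_ORDINAL)
            else:
                exe = EXE_RE.match(cmd)
                if not exe:
                    continue
                target = exe.group("q") or exe.group("u")
        reasons += path_reasons(target)
        if reasons:
            findings.append((target, reasons))
    return findings


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG):
        print(target)
        for reason in reasons:
            print("    - " + reason)
```
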

samhfoley

ASKER

No installation media available. Running Sysinternals; here's the log file from "EVERYTHING". If you want another log, let me know.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit                  
+ C:\Windows\system32\userinit.exe      Userinit Logon Application      Microsoft Corporation      c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell                  
+ Explorer.exe      Windows Explorer      Microsoft Corporation      c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run                  
+ AdobeCS4ServiceManager      Adobe CS4 Service Manager      Adobe Systems Incorporated      c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe
+ AppleSyncNotifier      AppleSyncNotifier      Apple Inc.      c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
+ GroupManager                   c:\windows\msiupdate.exe
+ iTunesHelper      iTunesHelper Module      Apple Inc.      c:\program files\itunes\ituneshelper.exe
+ JMB36X IDE Setup                  c:\windows\raidtool\xinside.exe
+ LogitechCommunicationsManager      Communications Manager      Logicool Co., Ltd      c:\program files\common files\logishrd\lcommgr\communications_helper.exe
+ LogitechQuickCamRibbon      Camera Software      Logicool Co., Ltd      c:\program files\logicool\qcam\qcam.exe
+ MSServer                  c:\windows\system32\ssqrlfus.dll
+ NBKeyScan                  File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
+ QuickTime Task      QuickTime Task      Apple Inc.      c:\program files\quicktime\qttask.exe
+ SoundMAXPnP      SMax4PNP      Analog Devices, Inc.      c:\program files\analog devices\core\smax4pnp.exe
+ SoundTray      SoundTray.exe      Sonic Focus, Inc.      c:\program files\analog devices\soundmax\soundtray.exe
+ StartCCC      Catalyst® Control Center Launcher      Advanced Micro Devices, Inc.      c:\program files\ati technologies\ati.ace\core-static\clistart.exe
+ SunJavaUpdateSched      Java(TM) Platform SE binary      Sun Microsystems, Inc.      c:\program files\java\jre6\bin\jusched.exe
+ svchosts                  c:\windows\system32\svchosts.exe
+ TkBellExe      RealNetworks Scheduler      RealNetworks, Inc.      c:\program files\common files\real\update_ob\realsched.exe
+ UfSeAgnt.exe      Trend Micro Server Agent      Trend Micro Inc.      c:\program files\trend micro\internet security\ufseagnt.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce                  
+ MCE Tunes Extender Support      LaunchExtenderSupport Module            c:\program files\proxure\mce tunes pro\launchextendersupport.exe
C:\Users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup                  
+ Stardock ObjectDock.lnk      ObjectDock Plus      Stardock      c:\program files\stardock\objectdock\objectdock.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run                  
+ ehTray.exe      Media Center Tray Applet      Microsoft Corporation      c:\windows\ehome\ehtray.exe
+ IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}                  File not found: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
+ OE      Trend Micro Anti-Spam Toolbar      Trend Micro Inc.      c:\program files\trend micro\internet security\tmas_oe\tmas_oemon.exe
+ Sidebar      Windows Sidebar      Microsoft Corporation      c:\program files\windows sidebar\sidebar.exe
+ Steam      Steam      Valve Corporation      c:\program files\steam\steam.exe
+ WMPNSCFG      Windows Media Player Network Sharing Service Configuration Application      Microsoft Corporation      c:\program files\windows media player\wmpnscfg.exe
HKLM\SOFTWARE\Classes\Protocols\Filter                  
+ application/octet-stream      Microsoft .NET Runtime Execution Engine      Microsoft Corporation      c:\windows\system32\mscoree.dll
+ application/x-complus      Microsoft .NET Runtime Execution Engine      Microsoft Corporation      c:\windows\system32\mscoree.dll
+ application/x-msdownload      Microsoft .NET Runtime Execution Engine      Microsoft Corporation      c:\windows\system32\mscoree.dll
+ deflate      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ gzip      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ text/xml      Microsoft Office XML MIME Filter      Microsoft Corporation      c:\program files\common files\microsoft shared\office12\msoxmlmf.dll
HKLM\SOFTWARE\Classes\Protocols\Handler                  
+ about      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ cdl      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ dvd      ActiveX control for streaming video      Microsoft Corporation      c:\windows\system32\msvidctl.dll
+ file      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ ftp      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ gopher      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ http      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ https      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ its      Microsoft® InfoTech Storage System Library      Microsoft Corporation      c:\windows\system32\itss.dll
+ javascript      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ local      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ mailto      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ mhtml      Microsoft Internet Messaging API Resources      Microsoft Corporation      c:\windows\system32\inetcomm.dll
+ mk      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ ms-help      Microsoft® Help Data Services Module      Microsoft Corporation      c:\program files\common files\microsoft shared\help\hxds.dll
+ ms-its      Microsoft® InfoTech Storage System Library      Microsoft Corporation      c:\windows\system32\itss.dll
+ res      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ skype4com      Skype for COM API      Skype Technologies      c:\program files\common files\skype\skype4com.dll
+ tmtb      Trend Micro TrendSecure      Trend Micro Inc.      c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
+ tv      ActiveX control for streaming video      Microsoft Corporation      c:\windows\system32\msvidctl.dll
+ vbscript      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components                  
+ Browser Customizations      IEAK branding      Microsoft Corporation      c:\windows\system32\iedkcs32.dll
+ Internet Explorer      IE Per-User Initialization Utility      Microsoft Corporation      c:\windows\system32\ie4uinit.exe
+ Internet Explorer      IE Per-User Initialization Utility      Microsoft Corporation      c:\windows\system32\ie4uinit.exe
+ LightScribe Control Panel            Hewlett-Packard Company      c:\program files\common files\lightscribe\lsrunonce.exe
+ Microsoft Windows Mail 7      Windows Mail      Microsoft Corporation      c:\program files\windows mail\winmail.exe
+ Microsoft Windows Media Player      Microsoft Windows Media Player Setup Utility      Microsoft Corporation      c:\windows\system32\unregmp2.exe
+ Microsoft Windows Media Player      Microsoft Windows Media Player Setup Utility      Microsoft Corporation      c:\windows\system32\unregmp2.exe
+ n/a                  c:\windows\system32\svchosts.exe
+ n/a      Microsoft .NET IE SECURITY REGISTRATION      Microsoft Corporation      c:\windows\system32\mscories.dll
+ Themes Setup      Microsoft(C) Register Server      Microsoft Corporation      c:\windows\system32\regsvr32.exe
+ Windows Desktop Update      Microsoft(C) Register Server      Microsoft Corporation      c:\windows\system32\regsvr32.exe
+ Windows Ultimate Extras      Ultimate Extras Helper Utility      Microsoft Corporation      c:\windows\system32\soundschemes.exe
+ Windows Ultimate Extras      Ultimate Extras Helper Utility      Microsoft Corporation      c:\windows\system32\soundschemes2.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler                  
+ Component Categories cache daemon      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Windows DreamScene      Microsoft Windows Vista Ultimate Extra: Windows DreamScene      Microsoft Corporation      c:\windows\system32\dreamscene.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad                  
+ 0aMCPClient      Stardock MCP API Dll      Stardock      c:\program files\common files\stardock\mcpcore.dll
+ IconPackager Repair      IconPackager Repair Module      Stardock.net, Inc      c:\program files\stardock\object desktop\iconpackager\iprepair.dll
+ WebCheck      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks                  
+ ssqrlfus.dll                  c:\windows\system32\ssqrlfus.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers                  
+ BriefcaseMenu      Windows Briefcase      Microsoft Corporation      c:\windows\system32\syncui.dll
+ Cover Designer      Cover Designer      Nero AG      c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ EPPShellEx            SEIKO EPSON CORPORATION      c:\program files\epson\creativity suite\easy photo print\eppshell.dll
+ IconPackager      IconPackager Shell Extension      Stardock.net, Inc      c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ MagicISO      MagicISO Shell Extension Module      MagicISO, Inc.      c:\program files\magiciso\misosh.dll
+ moveonboot_delete      GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot      Gibin Software House (http://www.gibinsoft.net)      c:\program files\gipo@utilities\gipo@moveonboot\mboot.dll
+ Open With      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Open With EncryptionMenu      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
+ Start Menu Pin      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ TMD Shell Extension      Tmdshell Dynamic Link Library      Trend Micro Inc.      c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR                  c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers                  
+ Client Side Caching UI      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ CopyAsPathMenu      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Previous Versions Property Page      Previous Versions property page      Microsoft Corporation      c:\windows\system32\twext.dll
+ Send To      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers                  
+ EncryptionMenu      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ MagicISO      MagicISO Shell Extension Module      MagicISO, Inc.      c:\program files\magiciso\misosh.dll
+ Offline Files      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Previous Versions Property Page      Previous Versions property page      Microsoft Corporation      c:\windows\system32\twext.dll
+ Sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
+ WinRAR                  c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers                  
+ HardLinkShlExt      GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot      Gibin Software House (http://www.gibinsoft.net)      c:\program files\gipo@utilities\gipo@moveonboot\mboot.dll
+ WinRAR                  c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers                  
+ DfsShell Class      Distributed File System shell extension      Microsoft Corporation      c:\windows\system32\dfsshlex.dll
+ Folder Customization Tab      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ GiPoPPShellEx      GiPo@Utilities Shell (Property Page)      Gibin Software House (http://www.gibinsoft.net)      c:\program files\common files\gibinsoft shared\gu_shell.dll
+ MyFolder menu and properties      My Documents Folder UI      Microsoft Corporation      c:\windows\system32\mydocs.dll
+ Offline Files      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Previous Versions Property Page      Previous Versions property page      Microsoft Corporation      c:\windows\system32\twext.dll
+ Security Shell Extension      Security Shell Extension      Microsoft Corporation      c:\windows\system32\rshx32.dll
+ Sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers                  
+ FileSystem      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Nokia      Phone Browser      Nokia      c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ Sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers                  
+ BriefcaseMenu      Windows Briefcase      Microsoft Corporation      c:\windows\system32\syncui.dll
+ MagicISO      MagicISO Shell Extension Module      MagicISO, Inc.      c:\program files\magiciso\misosh.dll
+ Offline Files      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ TMD Shell Extension      Tmdshell Dynamic Link Library      Trend Micro Inc.      c:\program files\trend micro\internet security\tmdshell.dll
+ WinRAR                  c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers                  
+ ACE      ACE Context Menu            c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
+ DreamScene      Microsoft Windows Vista Ultimate Extra: Windows DreamScene      Microsoft Corporation      c:\windows\system32\dreamscene.dll
+ New      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers                  
+ Offline Files      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved                  
+ &Address      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ &Links      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ .CAB file viewer      Cabinet File Viewer Shell Extension      Microsoft Corporation      c:\windows\system32\cabview.dll
+ .contact shell extension handler      Microsoft (R) Contacts DLL      Microsoft Corporation      c:\program files\common files\system\wab32.dll
+ .cpl, .dll, .exe, .ocx, .rll or .sys files      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ .fon, .otf, .ttc or .ttf files      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ .group shell extension handler      Microsoft (R) Contacts DLL      Microsoft Corporation      c:\program files\common files\system\wab32.dll
+ ActiveX Cache Folder      Object Control Viewer      Microsoft Corporation      c:\windows\system32\occache.dll
+ Add New Hardware      Add Hardware Wizard      Microsoft Corporation      c:\windows\system32\hdwwiz.exe
+ Address EditBox      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Administrative Tools      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Alphabetical Categorizer      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Audio Media Properties Handler      Media Metadata Handler      Microsoft Corporation      c:\windows\system32\mediametadatahandler.dll
+ AutoPlay      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Backup and Restore Center      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ BandProxy      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ BitLocker Drive Encryption CPL      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Briefcase      Windows Briefcase      Microsoft Corporation      c:\windows\system32\syncui.dll
+ Catalyst Context Menu extension      ACE Context Menu            c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
+ Client application shell extension      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Client Side Cache Namespace Extension      MSSearch Vista Platform      Microsoft Corporation      c:\windows\system32\mssvp.dll
+ Code Download Agent      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ Color Control Panel Applet      Microsoft Color Control Panel      Microsoft Corporation      c:\windows\system32\colorcpl.exe
+ Command Folder      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Common Places Folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Compatibility Property Page      Compatibility Tab Shell Extension Library      Microsoft Corporation      c:\windows\system32\acppage.dll
+ Compressed (zipped) Folder      Compressed (zipped) Folders      Microsoft Corporation      c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Context Menu      Compressed (zipped) Folders      Microsoft Corporation      c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Drop Handler      Compressed (zipped) Folders      Microsoft Corporation      c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler      Compressed (zipped) Folders      Microsoft Corporation      c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target      Compressed (zipped) Folders      Microsoft Corporation      c:\windows\system32\zipfldr.dll
+ Computers and Devices      Network Explorer      Microsoft Corporation      c:\windows\system32\networkexplorer.dll
+ contact_wab_auto_file      Microsoft (R) Contacts DLL      Microsoft Corporation      c:\program files\common files\system\wab32.dll
+ Control Panel      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Control Panel command object for Start menu      Windows Control Panel      Microsoft Corporation      c:\windows\system32\control.exe
+ Crypto PKO Extension      Crypto Shell Extensions      Microsoft Corporation      c:\windows\system32\cryptext.dll
+ Crypto Sign Extension      Crypto Shell Extensions      Microsoft Corporation      c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Darwin App Publisher      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Default Programs command object for Start menu      Windows Control Panel      Microsoft Corporation      c:\windows\system32\control.exe
+ Desktop Shortcut      Send Mail      Microsoft Corporation      c:\windows\system32\sendmail.dll
+ Device Manager      Device Manager MMC Snapin      Microsoft Corporation      c:\windows\system32\devmgr.dll
+ DfsShell.DfsShell Property Sheet      Distributed File System shell extension      Microsoft Corporation      c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs      Directory Service Common UI      Microsoft Corporation      c:\windows\system32\dsuiext.dll
+ Directory Object Find      Directory Service Find      Microsoft Corporation      c:\windows\system32\dsquery.dll
+ Directory Property UI      Directory Service Common UI      Microsoft Corporation      c:\windows\system32\dsuiext.dll
+ Directory Query UI      Directory Service Find      Microsoft Corporation      c:\windows\system32\dsquery.dll
+ Directory Start/Search Find      Directory Service Find      Microsoft Corporation      c:\windows\system32\dsquery.dll
+ Disk Copy Extension      Windows DiskCopy      Microsoft Corporation      c:\windows\system32\diskcopy.dll
+ Disk Quota UI      Windows Shell Disk Quota UI DLL      Microsoft Corporation      c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension      Advanced display adapter properties      Microsoft Corporation      c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension      Advanced display monitor properties      Microsoft Corporation      c:\windows\system32\deskmon.dll
+ Display TroubleShoot CPL Extension      Advanced display performance properties      Microsoft Corporation      c:\windows\system32\deskperf.dll
+ DropTarget Object for Photo Printing Wizard      Photo Printing Wizard      Microsoft Corporation      c:\windows\system32\photowiz.dll
+ DS Security Page      Directory Service Security UI      Microsoft Corporation      c:\windows\system32\dssec.dll
+ E-mail      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Ease of Access      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ EMDFileProperties      ReadyBoost Service      Microsoft Corporation      c:\windows\system32\emdmgmt.dll
+ Execute Folder      ExplorerFrame      Microsoft Corporation      c:\windows\system32\explorerframe.dll
+ Explorer Browser      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Explorer Navigation Bar      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Explorer Search Band      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Explorer Travel Band      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Extensions Manager Folder      Extensions Manager      Microsoft Corporation      c:\windows\system32\extmgr.dll
+ File Backup Index      Microsoft® Windows Backup Shell Extension      Microsoft Corporation      c:\windows\system32\sdshext.dll
+ File Open Dialog      Common Dialogs DLL      Microsoft Corporation      c:\windows\system32\comdlg32.dll
+ File Save Dialog      Common Dialogs DLL      Microsoft Corporation      c:\windows\system32\comdlg32.dll
+ Folder Options      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Fonts      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ For &People...      Find People      Microsoft Corporation      c:\program files\windows mail\wabfind.dll
+ FTP Folders Webview      Microsoft Internet Explorer FTP Folder Shell Extension      Microsoft Corporation      c:\windows\system32\msieftp.dll
+ Games Folder      Games Explorer      Microsoft Corporation      c:\windows\system32\gameux.dll
+ GameUX.RichGameMediaThumbnail      Games Explorer      Microsoft Corporation      c:\windows\system32\gameux.dll
+ Get Programs Online      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Global Folder Settings      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ group_wab_auto_file      Microsoft (R) Contacts DLL      Microsoft Corporation      c:\program files\common files\system\wab32.dll
+ Help and Support      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Help and Support      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ History      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ HTML Document      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ ICC Profile      Microsoft Color Control Panel      Microsoft Corporation      c:\windows\system32\colorui.dll
+ ICM Monitor Management      Microsoft Color Control Panel      Microsoft Corporation      c:\windows\system32\colorui.dll
+ ICM Printer Management      Microsoft Color Control Panel      Microsoft Corporation      c:\windows\system32\colorui.dll
+ ICM Scanner Management      Microsoft Color Control Panel      Microsoft Corporation      c:\windows\system32\colorui.dll
+ IconPackager Context Menu      IconPackager Shell Extension      Stardock.net, Inc      c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ IconPackager Icon Handler      IconPackager Shell Extension      Stardock.net, Inc      c:\program files\stardock\object desktop\iconpackager\shellext.dll
+ IE AutoComplete      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE BandProxy      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Custom MRU AutoCompleted List      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Fade Task      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE IShellFolderBand      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Menu Band      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Menu Desk Bar      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Menu Site      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Microsoft BrowserBand      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Microsoft History AutoComplete List      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Microsoft Multiple AutoComplete List Container      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Microsoft Shell Folder AutoComplete List      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE MRU AutoComplete List      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Navigation Bar      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Registry Tree Options Utility      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE RSS Feeder Folder      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Search Band      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Shell Band Site Menu      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Shell Rebar BandSite      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE Tracking Shell Menu      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IE User Assist      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IGD Property Sheet Handler      Internet Gateway Device properties      Microsoft Corporation      c:\windows\system32\icsigd.dll
+ In-pane search      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Install New Programs      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Installed Updates      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Internet      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Internet Name Space      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ InternetShortcut      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ IPropertyStore Handler for Images      Photo Metadata Handler      Microsoft Corporation      c:\windows\system32\photometadatahandler.dll
+ iSCSI Initiator      Microsoft iSCSI Initiator Configuration Tool      Microsoft Corporation      c:\windows\system32\iscsicpl.exe
+ iTunes      iTunes Mini Player DLL      Apple Inc.      c:\program files\itunes\itunesminiplayer.dll
+ Layout Folder      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Mail Service      Send Mail      Microsoft Corporation      c:\windows\system32\sendmail.dll
+ Manage Wireless Networks      Wireless Preferred Networks      Microsoft Corporation      c:\windows\system32\wlanpref.dll
+ MAPI Search Namespace Extension      MSSearch Vista Platform      Microsoft Corporation      c:\windows\system32\mssvp.dll
+ Microsoft Agent Character Property Sheet Handler      Microsoft Agent Property Sheet Handler      Microsoft Corporation      c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Breadcrumb Bar      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Microsoft BrowserBand      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft CommBand      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Data Link      OLE DB Core Services      Microsoft Corporation      c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft History AutoComplete List      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler      2007 Microsoft Office component      Microsoft Corporation      c:\program files\microsoft office\office12\msohevi.dll
+ Microsoft Office Metadata Handler      Microsoft Office Shell Extension Handlers      Microsoft Corporation      c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Office Outlook Custom Icon Handler      Outlook Shell Hook for Start/Find      Microsoft Corporation      c:\program files\microsoft office\office12\olkfstub.dll
+ Microsoft Office Outlook Desktop Icon Handler      Microsoft Shell Extension Library      Microsoft Corporation      c:\program files\microsoft office\office12\mlshext.dll
+ Microsoft Office Thumbnail Handler      Microsoft Office Shell Extension Handlers      Microsoft Corporation      c:\program files\common files\microsoft shared\office12\msoshext.dll
+ Microsoft Power Options      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Microsoft Shell Folder AutoComplete List      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Microsoft Url History Service      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Microsoft Url Search Hook      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Microsoft Web Browser      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Microsoft Windows Font File Context Menu Handler      Windows Font Folder      Microsoft Corporation      c:\windows\system32\fontext.dll
+ Microsoft Windows Font File Icon Handler      Windows Font Folder      Microsoft Corporation      c:\windows\system32\fontext.dll
+ Microsoft Windows Font Folder      Windows Font Folder      Microsoft Corporation      c:\windows\system32\fontext.dll
+ Microsoft Windows Font Previewer      Windows Font Folder      Microsoft Corporation      c:\windows\system32\fontext.dll
+ Microsoft Windows Mail Html Preview Handler      Microsoft Internet Messaging API Resources      Microsoft Corporation      c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler      Microsoft Internet Messaging API Resources      Microsoft Corporation      c:\windows\system32\inetcomm.dll
+ Microsoft Windows Mail Html Preview Handler      Microsoft Internet Messaging API Resources      Microsoft Corporation      c:\windows\system32\inetcomm.dll
+ Microsoft Windows MAPI Preview Handler      MSSearch Vista Platform      Microsoft Corporation      c:\windows\system32\mssvp.dll
+ Microsoft Windows RTF Preview Handler      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Microsoft XPS Properties      Package Document Shell Extension Handler      Microsoft Corporation      c:\windows\system32\xpsshhdr.dll
+ Microsoft XPS Thumbnail      Package Document Shell Extension Handler      Microsoft Corporation      c:\windows\system32\xpsshhdr.dll
+ Microsoft.ScannersAndCameras      Imaging Devices Control Panel      Microsoft Corporation      c:\program files\windows photo gallery\imagingdevices.exe
+ MMC Icon Handler      MMC Shell Extension DLL      Microsoft Corporation      c:\windows\system32\mmcshext.dll
+ Mobility Center Control Panel      Windows Mobility Center      Microsoft Corporation      c:\windows\system32\mblctr.exe
+ MRU AutoComplete List      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ MSHTML Document      Microsoft (R) HTML Viewer      Microsoft Corporation      c:\windows\system32\mshtml.dll
+ MyDocs Drop Target      My Documents Folder UI      Microsoft Corporation      c:\windows\system32\mydocs.dll
+ MyDocuments menu and properties      My Documents Folder UI      Microsoft Corporation      c:\windows\system32\mydocs.dll
+ MyFolder Properties      My Documents Folder UI      Microsoft Corporation      c:\windows\system32\mydocs.dll
+ NeroCoverEd Live Icons      Cover Designer      Nero AG      c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ nethood delegate folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Network and Sharing Center      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Network Connections      Network Connections Shell      Microsoft Corporation      c:\windows\system32\netshell.dll
+ Network Connections      Network Connections Shell      Microsoft Corporation      c:\windows\system32\netshell.dll
+ Network Explorer Property Sheet Handler      Advanced network device properties      Microsoft Corporation      c:\windows\system32\ncdprop.dll
+ Network Map      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ New Shortcut Wizard      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ New Shortcut Wizard Modal      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Nokia Phone Browser      Phone Browser      Nokia      c:\program files\nokia\nokia pc suite 7\phonebrowser.dll
+ NTFS Security Page      Security Shell Extension      Microsoft Corporation      c:\windows\system32\rshx32.dll
+ Office Document Property Handler      Microsoft Property System      Microsoft Corporation      c:\windows\system32\propsys.dll
+ Offline Files Context Menu      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Offline Files Folder      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Offline Files Folder Options      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Offline Files Icon Overlay Handler      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ Offline Files Property Sheet Extension      Client Side Caching UI      Microsoft Corporation      c:\windows\system32\cscui.dll
+ OLE Docfile Property Page      OLE DocFile Property Page      Microsoft Corporation      c:\windows\system32\docprop.dll
+ OlePrn.PrinterURL      Oleprn DLL      Microsoft Corporation      c:\windows\system32\oleprn.dll
+ Parental Controls      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Performance Information and Tools      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Personalization CPL Provider      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Photo Thumbnail Extractor      Photo Metadata Handler      Microsoft Corporation      c:\windows\system32\photometadatahandler.dll
+ Photo Thumbnail Provider      Photo Metadata Handler      Microsoft Corporation      c:\windows\system32\photometadatahandler.dll
+ PhotoAcqDropTarget      Photo Acquisition      Microsoft Corporation      c:\program files\windows photo gallery\photoacq.dll
+ PlusPack CPL Extension      Windows Theme API      Microsoft Corporation      c:\windows\system32\themeui.dll
+ Portable Devices      Portable Devices Shell Extension      Microsoft Corporation      c:\windows\system32\wpdshext.dll
+ Portable Devices Menu      Portable Devices Shell Extension      Microsoft Corporation      c:\windows\system32\wpdshext.dll
+ Portable Media Devices      Portable Media Devices Shell Extension      Microsoft Corporation      c:\windows\system32\audiodev.dll
+ Previous Versions      Previous Versions property page      Microsoft Corporation      c:\windows\system32\twext.dll
+ Previous Versions Property Page      Previous Versions property page      Microsoft Corporation      c:\windows\system32\twext.dll
+ Print Ordering via the Web      Windows Shell Web Services      Microsoft Corporation      c:\windows\system32\shwebsvc.dll
+ Printers Security Page      Security Shell Extension      Microsoft Corporation      c:\windows\system32\rshx32.dll
+ printhood delegate folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Problem Reports and Solutions      Problem Reports and Solutions      Microsoft Corporation      c:\windows\system32\wercon.exe
+ Programs and Features      Shell Application Manager      Microsoft Corporation      c:\windows\system32\appwiz.cpl
+ Programs Folder and Fast Items      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Property Labels      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Public Folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Registry Tree Options Utility      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension      Remote Sessions CPL Extension      Microsoft Corporation      c:\windows\system32\remotepg.dll
+ RichGameMediaPropertyStore Class      Games Explorer      Microsoft Corporation      c:\windows\system32\gameux.dll
+ Run...      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Search      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Search Band      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Search Control      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Search Execute Command      ExplorerFrame      Microsoft Corporation      c:\windows\system32\explorerframe.dll
+ Search Folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Search Folders      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Set Program Access and Defaults      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Set User Defaults      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Shell DeskBarApp      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ Shell DocObject Viewer      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Shell extensions for Microsoft Windows Network objects      Network object shell UI      Microsoft Corporation      c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player      RealPlayer Shell Extensions      RealNetworks, Inc.      c:\program files\real\realplayer\rpshell.dll
+ Shell extensions for sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing      Shell extensions for sharing      Microsoft Corporation      c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host      Microsoft (R) Shell Extension for Windows Script Host      Microsoft Corporation      c:\windows\system32\wshext.dll
+ Shell Icon Handler for Application References      Application Deployment Support Library      Microsoft Corporation      c:\windows\system32\dfshim.dll
+ Shell Message Handler      Microsoft Internet Messaging API Resources      Microsoft Corporation      c:\windows\system32\inetcomm.dll
+ Shell properties for a DS object      Directory Service Find      Microsoft Corporation      c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object      Windows Shell Web Services      Microsoft Corporation      c:\windows\system32\shwebsvc.dll
+ Shell Rebar BandSite      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ ShellLink for Application References      Application Deployment Support Library      Microsoft Corporation      c:\windows\system32\dfshim.dll
+ Shortcut      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Show Desktop      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Speech Recognition Options      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Start Menu OEM Command      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Subscription Folder      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ Subscription Mgr      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES)      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Sync Center Conflict Delegate Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Conflict Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Conflict Properties Extension      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Device Notification Sink      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Event Properties Extension      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Handler Properties Extension      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Item Properties Extension      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Center Simple Conflict Presenter      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Results Delegate Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Results Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Setup Delegate Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ Sync Setup Folder      Microsoft Sync Center      Microsoft Corporation      c:\windows\system32\synccenter.dll
+ System      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Tablet PC Input Panel      Microsoft Tablet Input Band      Microsoft Corporation      c:\program files\common files\microsoft shared\ink\tipband.dll
+ Taskbar and Start Menu      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Temporary Internet Files      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ Temporary Internet Files      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ The Internet      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
+ TMD Shell Extension      Tmdshell Dynamic Link Library      Trend Micro Inc.      c:\program files\trend micro\internet security\tmdshell.dll
+ Touch Band      Microsoft Tablet PC Touch Input Component      Microsoft Corporation      c:\windows\system32\touchx.dll
+ Tree property value folder      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ User Accounts      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ User Accounts      Advanced User Accounts Control Panel      Microsoft Corporation      c:\windows\system32\netplwiz.exe
+ User Assist      Shell Browser UI Library      Microsoft Corporation      c:\windows\system32\browseui.dll
+ users files delegate folder      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ VBPropSheet      VBProp Dynamic Link Library      Trend Micro Inc.      c:\program files\trend micro\internet security\vbprop.dll
+ Video Media Properties Handler      Media Metadata Handler      Microsoft Corporation      c:\windows\system32\mediametadatahandler.dll
+ Video Thumbnail Extractor      Media Metadata Handler      Microsoft Corporation      c:\windows\system32\mediametadatahandler.dll
+ View Available Networks      View Available Networks      Microsoft Corporation      c:\windows\system32\van.dll
+ Web Printer Shell Extension      Printer Settings User Interface      Microsoft Corporation      c:\windows\system32\printui.dll
+ Web Publishing Wizard      Windows Shell Web Services      Microsoft Corporation      c:\windows\system32\shwebsvc.dll
+ WebCheck      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler      Web Site Monitor      Microsoft Corporation      c:\windows\system32\webcheck.dll
+ Welcome Center      Welcome Center      Microsoft Corporation      c:\windows\system32\oobefldr.dll
+ Window Switcher      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Window TXT Preview Handler      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ Windows Contact Preview Handler      Microsoft (R) Contacts DLL      Microsoft Corporation      c:\program files\common files\system\wab32.dll
+ Windows Defender      Windows Defender User Interface      Microsoft Corporation      c:\program files\windows defender\msascui.exe
+ Windows Defender IOfficeAntiVirus implementation      IOfficeAntiVirus Module      Microsoft Corporation      c:\program files\windows defender\mpoav.dll
+ Windows Features      Windows Features      Microsoft Corporation      c:\windows\system32\optionalfeatures.exe
+ Windows Firewall      Windows Firewall Control Panel      Microsoft Corporation      c:\windows\system32\firewallcontrolpanel.exe
+ Windows gadget DropTarget      Sidebar droptarget      Microsoft Corporation      c:\program files\windows sidebar\sbdrop.dll
+ Windows Media Player      Windows Media Player Deskband      Microsoft Corporation      c:\program files\windows media player\wmpband.dll
+ Windows Media Player Add to Playlist Context Menu Handler      Windows Media Player Launcher      Microsoft Corporation      c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler      Windows Media Player Launcher      Microsoft Corporation      c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler      Windows Media Player Launcher      Microsoft Corporation      c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler      Windows Media Player Launcher      Microsoft Corporation      c:\windows\system32\wmpshell.dll
+ Windows Media Player Shop Music Context Menu Handler      Windows Media Player Launcher      Microsoft Corporation      c:\windows\system32\wmpshell.dll
+ Windows Photo Gallery Viewer Image Verbs      Windows Photo Gallery      Microsoft Corporation      c:\program files\windows photo gallery\photoviewer.dll
+ Windows Photo Gallery Viewer Video Verbs      Windows Photo Gallery      Microsoft Corporation      c:\program files\windows photo gallery\photoviewer.dll
+ Windows Sidebar Properties      Windows Sidebar      Microsoft Corporation      c:\program files\windows sidebar\sidebar.exe
+ Windows SideShow      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Windows Ultimate Extras      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ Windows Update      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
+ WinRAR shell extension                  c:\program files\winrar\rarext.dll
+ WPL property store      Shell Doc Object and Control Library      Microsoft Corporation      c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects                  
+ Google Toolbar Notifier BHO      GoogleToolbarNotifier      Google Inc.      c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
+ Java(tm) Plug-In 2 SSV Helper      Java(TM) Platform SE binary      Sun Microsystems, Inc.      c:\program files\java\jre6\bin\jp2ssv.dll
+ Java(tm) Plug-In SSV Helper      Java(TM) Platform SE binary      Sun Microsystems, Inc.      c:\program files\java\jre6\bin\ssv.dll
+ Skype add-on (mastermind)      Skype add-on for IE      Skype Technologies S.A.      c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
+ TSToolbarBHO      Trend Micro TrendSecure      Trend Micro Inc.      c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
+ TSToolbarBHO                  File not found: C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
+ {5BE92300-3F82-4DE0-8813-86017B4228C6}                  c:\windows\system32\gebyaqpm.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks                  
+ Microsoft Url Search Hook      Internet Explorer      Microsoft Corporation      c:\windows\system32\ieframe.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar                  
+ TransactionProtector                  File not found: C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
+ Trend Micro Toolbar      Trend Micro TrendSecure      Trend Micro Inc.      c:\program files\trend micro\trendsecure\tisprotoolbar\tstoolbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions                  
+ Uninstall BitDefender Online Scanner v8                  c:\windows\bdoscandel.exe
Task Scheduler                  
+ \Ad-Aware Update (Daily)                  File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
+ \Apple\AppleSoftwareUpdate      Apple Software Update      Apple Inc.      c:\program files\apple software update\softwareupdate.exe
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)      Windows Rights Management client      Microsoft Corporation      c:\windows\system32\msdrm.dll
+ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)      Windows Rights Management client      Microsoft Corporation      c:\windows\system32\msdrm.dll
+ \Microsoft\Windows\Bluetooth\UninstallDeviceTask      Bluetooth Uninstall Device Task      Microsoft Corporation      c:\windows\system32\bthudtask.exe
+ \Microsoft\Windows\CertificateServicesClient\SystemTask      DIMS Job DLL      Microsoft Corporation      c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\CertificateServicesClient\UserTask      DIMS Job DLL      Microsoft Corporation      c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam      DIMS Job DLL      Microsoft Corporation      c:\windows\system32\dimsjob.dll
+ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator      Windows SQM Consolidator      Microsoft Corporation      c:\windows\system32\wsqmcons.exe
+ \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification      Windows SQM Consolidator      Microsoft Corporation      c:\windows\system32\wsqmcons.exe
+ \Microsoft\Windows\Defrag\ManualDefrag      Disk Defragmenter Module      Microsoft Corp.      c:\windows\system32\defrag.exe
+ \Microsoft\Windows\Defrag\ScheduledDefrag      Disk Defragmenter Module      Microsoft Corp.      c:\windows\system32\defrag.exe
+ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver      Windows Disk Diagnostic User Resolver      Microsoft Corporation      c:\windows\system32\dfdwiz.exe
+ \Microsoft\Windows\Media Center\ehDRMInit      Digital Cable device registration application.      Microsoft Corporation      c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\mcupdate      Windows Media Center Store Update Manager      Microsoft Corporation      c:\windows\ehome\mcupdate.exe
+ \Microsoft\Windows\Media Center\OCURActivate      Digital Cable device registration application.      Microsoft Corporation      c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\OCURDiscovery      Digital Cable device registration application.      Microsoft Corporation      c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\Media Center\UpdateRecordPath      Digital Cable device registration application.      Microsoft Corporation      c:\windows\ehome\ehprivjob.exe
+ \Microsoft\Windows\MobilePC\HotStart      Microsoft Windows HotStart User Agent      Microsoft Corporation      c:\windows\system32\hotstartuseragent.dll
+ \Microsoft\Windows\MobilePC\TMM      Microsoft Transient Multi-Monitor Manager      Microsoft Corporation      c:\windows\system32\tmm.dll
+ \Microsoft\Windows\MUI\LPRemove      MUI Language pack cleanup      Microsoft Corporation      c:\windows\system32\lpremove.exe
+ \Microsoft\Windows\MUI\Mcbuilder      Resource cache builder tool      Microsoft Corporation      c:\windows\system32\mcbuilder.exe
+ \Microsoft\Windows\Multimedia\SystemSoundsService      PlaySound Service      Microsoft Corporation      c:\windows\system32\playsndsrv.dll
+ \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI      Quarantine Agent Proxy      Microsoft Corporation      c:\windows\system32\qagent.dll
+ \Microsoft\Windows\PLA\System\ConvertLogEntries      Performance Logs & Alerts      Microsoft Corporation      c:\windows\system32\pla.dll
+ \Microsoft\Windows\RAC\RACAgent      Reliability analysis metrics calculation executable      Microsoft Corporation      c:\windows\system32\racagent.exe
+ \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask      Windows Remote Assistance COM Server      Microsoft Corporation      c:\windows\system32\raserver.exe
+ \Microsoft\Windows\Shell\CrawlStartPages      Indexing Options      Microsoft Corporation      c:\windows\system32\srchadmin.dll
+ \Microsoft\Windows\SideShow\AutoWake      Microsoft Windows SideShow services      Microsoft Corporation      c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\GadgetManager      Microsoft Windows SideShow services      Microsoft Corporation      c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\SessionAgent      Microsoft Windows SideShow services      Microsoft Corporation      c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SideShow\SystemDataProviders      Microsoft Windows SideShow services      Microsoft Corporation      c:\windows\system32\auxiliarydisplayservices.dll
+ \Microsoft\Windows\SystemRestore\SR      Microsoft® Windows System Protection Configuration Library      Microsoft Corporation      c:\windows\system32\srrstr.dll
+ \Microsoft\Windows\Tcpip\IpAddressConflict1      Network Diagnostic Framework Client API      Microsoft Corporation      c:\windows\system32\ndfapi.dll
+ \Microsoft\Windows\Tcpip\IpAddressConflict2      Network Diagnostic Framework Client API      Microsoft Corporation      c:\windows\system32\ndfapi.dll
+ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor      MsCtfMonitor DLL      Microsoft Corporation      c:\windows\system32\msctfmonitor.dll
+ \Microsoft\Windows\UPnP\UPnPHostConfig      A tool to aid in developing services for WindowsNT      Microsoft Corporation      c:\windows\system32\sc.exe
+ \Microsoft\Windows\WDI\ResolutionHost      Windows Diagnostic Infrastructure      Microsoft Corporation      c:\windows\system32\wdi.dll
+ \Microsoft\Windows\Windows Error Reporting\QueueReporting      Windows Problem Reporting      Microsoft Corporation      c:\windows\system32\wermgr.exe
+ \Microsoft\Windows\Wired\GatherWiredInfo                  c:\windows\system32\gatherwiredinfo.vbs
+ \Microsoft\Windows\Wireless\GatherWirelessInfo                  c:\windows\system32\gatherwirelessinfo.vbs
+ \RtlVistaStart                  File not found: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
+ \User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0}      Microsoft Feeds Synchronization      Microsoft Corporation      c:\windows\system32\msfeedssync.exe
+ \{9B144388-B252-441F-9357-074DB86B4194}      Program Compatibility Assistant      Microsoft Corporation      c:\windows\system32\pcalua.exe
+ \{CA75283D-473D-4550-8B6A-D4CB304F497E}      Program Compatibility Assistant      Microsoft Corporation      c:\windows\system32\pcalua.exe
HKLM\System\CurrentControlSet\Services                  
+ AEADIFilters      Andrea filters APO access service (32-bit)      Andrea Electronics Corporation      c:\windows\system32\aeadisrv.exe
+ AeLookupSvc      Processes application compatibility cache requests for applications as they are launched      Microsoft Corporation      c:\windows\system32\aelupsvc.dll
+ Apple Mobile Device      Provides the interface to Apple mobile devices.      Apple Inc.      c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ Ati External Event Utility      ATI External Event Utility EXE Module      ATI Technologies Inc.      c:\windows\system32\ati2evxx.exe
+ AudioEndpointBuilder      Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start      Microsoft Corporation      c:\windows\system32\audiosrv.dll
+ Audiosrv      Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start      Microsoft Corporation      c:\windows\system32\audiosrv.dll
+ BFE      The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.      Microsoft Corporation      c:\windows\system32\bfe.dll
+ BITS      Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.      Microsoft Corporation      c:\windows\system32\qmgr.dll
+ Bonjour Service      Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network.  Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.      Apple Inc.      c:\program files\bonjour\mdnsresponder.exe
+ Browser      Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\browser.dll
+ CryptSvc      Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\cryptsvc.dll
+ CscService      The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.      Microsoft Corporation      c:\windows\system32\cscsvc.dll
+ DcomLaunch      Provides launch functionality for DCOM services.      Microsoft Corporation      c:\windows\system32\rpcss.dll
+ Dhcp      Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\dhcpcsvc.dll
+ Dnscache      The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\dnsrslvr.dll
+ DPS      The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\dps.dll
+ ehstart      Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center.      Microsoft Corporation      c:\windows\ehome\ehstart.dll
+ EMDMgmt      Provides support for improving system performance using ReadyBoost.      Microsoft Corporation      c:\windows\system32\emdmgmt.dll
+ Eventlog      This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.      Microsoft Corporation      c:\windows\system32\wevtsvc.dll
+ EventSystem      Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\es.dll
+ FDResPub      Publishes this computer and resources attached to this computer so they can be discovered over the network.  If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.      Microsoft Corporation      c:\windows\system32\fdrespub.dll
+ gpsvc      The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.      Microsoft Corporation      c:\windows\system32\gpsvc.dll
+ gusvc      gusvc      Google      c:\program files\google\common\google updater\googleupdaterservice.exe
+ hidserv      Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\hidserv.dll
+ IKEEXT      The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.      Microsoft Corporation      c:\windows\system32\ikeext.dll
+ iPAHelper.exe      iPod Access Helper Module            c:\program files\ipod access for windows\ipahelper.exe
+ IPBusEnum      The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.      Microsoft Corporation      c:\windows\system32\ipbusenum.dll
+ iphlpsvc      Provides automatic IPv6 connectivity over an IPv4 network.  If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.      Microsoft Corporation      c:\windows\system32\iphlpsvc.dll
+ KtmRm      Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).      Microsoft Corporation      c:\windows\system32\msdtckrm.dll
+ LanmanServer      Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\srvsvc.dll
+ LanmanWorkstation      Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\wkssvc.dll
+ LightScribeService      Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.      Hewlett-Packard Company      c:\program files\common files\lightscribe\lssrvc.exe
+ lmhosts      Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\lmhsvc.dll
+ LVCOMSer      Logitech Video COM Service      Logicool Co., Ltd      c:\program files\common files\logishrd\lvcomser\lvcomser.exe
+ LVPrcSrv      Injector service      Logicool Co., Ltd      c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
+ Mcx2Svc      Allows Windows Media Center Extender devices to locate and connect to the computer.      Microsoft Corporation      c:\windows\system32\mcx2svc.dll
+ MMCSS      Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.      Microsoft Corporation      c:\windows\system32\mmcss.dll
+ MpsSvc      Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.      Microsoft Corporation      c:\windows\system32\mpssvc.dll
+ MSSQL$MYMOVIES      Provides storage, processing and controlled access of data and rapid transaction processing.      Microsoft Corporation      c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
+ Nero BackItUp Scheduler 4.0      Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.      Nero AG      c:\program files\common files\nero\nero backitup 4\nbservice.exe
+ netprofm      Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.      Microsoft Corporation      c:\windows\system32\netprofm.dll
+ NlaSvc      Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\nlasvc.dll
+ NoIPDUCService      No-IP.com DUC      Vitalwerks LLC      c:\program files\no-ip\duc20.exe
+ nsi      This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.      Microsoft Corporation      c:\windows\system32\nsisvc.dll
+ PcaSvc      Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\pcasvc.dll
+ PlugPlay      Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.      Microsoft Corporation      c:\windows\system32\umpnpmgr.dll
+ PolicyAgent      Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Firewall is not available when this service is stopped.      Microsoft Corporation      c:\windows\system32\ipsecsvc.dll
+ ProfSvc      This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.      Microsoft Corporation      c:\windows\system32\profsvc.dll
+ ProtexisLicensing      Protexis Licensing Service            c:\windows\system32\psiservice.exe
+ RoxLiveShare10      Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9.            File not found: C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
+ RpcSs      Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.      Microsoft Corporation      c:\windows\system32\rpcss.dll
+ SamSs      The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.      Microsoft Corporation      c:\windows\system32\lsass.exe
+ Schedule      Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\schedsvc.dll
+ seclogon      Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\seclogon.dll
+ Security Activity Dashboard Service      Security Activity Dashboard Service Description      Trend Micro Inc.      c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe
+ SENS      Monitors system events and notifies subscribers to COM+ Event System of these events.      Microsoft Corporation      c:\windows\system32\sens.dll
+ SessionLauncher      Sonic            File not found: C:\Users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe
+ SfCtlCom      Manages all components of Trend Micro Internet Security.      Trend Micro Inc.      c:\program files\trend micro\internet security\sfctlcom.exe
+ SharedAccess      Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.      Microsoft Corporation      c:\windows\system32\ipnathlp.dll
+ ShellHWDetection      Provides notifications for AutoPlay hardware events.      Microsoft Corporation      c:\windows\system32\shsvcs.dll
+ SlingAgentService      Enables Clip + Sling functionality for SlingPlayer(v0.9.0.136)      Sling Media Inc.      c:\program files\sling media\slingagent\slingagentservice.exe
+ slsvc      Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.      Microsoft Corporation      c:\windows\system32\slsvc.exe
+ Spooler      Loads files to memory for later printing      Microsoft Corporation      c:\windows\system32\spoolsv.exe
+ SQLBrowser      Provides SQL Server connection information to client computers.      Microsoft Corporation      c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
+ SQLWriter      Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.      Microsoft Corporation      c:\program files\microsoft sql server\90\shared\sqlwriter.exe
+ STacSV      Manages audio jack configurations.      IDT, Inc.      c:\windows\system32\stacsv.exe
+ stisvc      Provides image acquisition services for scanners and cameras      Microsoft Corporation      c:\windows\system32\wiaservc.dll
+ SysMain      Maintains and improves system performance over time.      Microsoft Corporation      c:\windows\system32\sysmain.dll
+ TabletInputService      Enables Tablet PC pen and ink functionality      Microsoft Corporation      c:\windows\system32\tabsvc.dll
+ TBS      Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications.  If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.      Microsoft Corporation      c:\windows\system32\tbssvc.dll
+ TermService      Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service.  To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.      Microsoft Corporation      c:\windows\system32\termsrv.dll
+ Themes      Provides user experience theme management.      Microsoft Corporation      c:\windows\system32\shsvcs.dll
+ TMBMServer      Manages the Trend Micro unauthorized change prevention feature      Trend Micro Inc.      c:\program files\trend micro\bm\tmbmsrv.exe
+ TmPfw      Manages the Trend Micro Personal Firewall.      Trend Micro Inc.      c:\program files\trend micro\internet security\tmpfw.exe
+ TmProxy      Manages the Trend Micro Proxy.      Trend Micro Inc.      c:\program files\trend micro\internet security\tmproxy.exe
+ Transcode360      Provides transcoding and streaming services.            c:\program files\transcode360\transcode360.exe
+ TrkWks      Maintains links between NTFS files within a computer or across computers in a network.      Microsoft Corporation      c:\windows\system32\trkwks.dll
+ UxSms      Provides Desktop Window Manager startup and maintenance services      Microsoft Corporation      c:\windows\system32\uxsms.dll
+ W32Time      Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\w32time.dll
+ WebClient      Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\webclnt.dll
+ WerSvc      Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.      Microsoft Corporation      c:\windows\system32\wersvc.dll
+ WinDefend      Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.      Microsoft Corporation      c:\program files\windows defender\mpsvc.dll
+ Winmgmt      Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\wbem\wmisvc.dll
+ Wlansvc      This service enumerates WLAN adapters, manages WLAN connections and profiles.      Microsoft Corporation      c:\windows\system32\wlansvc.dll
+ WPDBusEnum      Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.      Microsoft Corporation      c:\windows\system32\wpdbusenum.dll
+ wscsvc      Monitors system security settings and configurations.      Microsoft Corporation      c:\windows\system32\wscsvc.dll
+ WSearch      Provides content indexing and property caching for file, email and other content (via extensibility APIs).  The service responds to file and email notifications to index modified content.  If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.      Microsoft Corporation      c:\windows\system32\searchindexer.exe
+ wuauserv      Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.      Microsoft Corporation      c:\windows\system32\wuaueng.dll
+ wudfsvc      Manages user-mode driver host processes      Microsoft Corporation      c:\windows\system32\wudfsvc.dll
HKLM\System\CurrentControlSet\Services                  
+ a91xa9o2      ATAPI IDE Miniport Driver      Microsoft Corporation      c:\windows\system32\drivers\a91xa9o2.sys
+ ACPI      ACPI Driver for NT      Microsoft Corporation      c:\windows\system32\drivers\acpi.sys
+ ADIHdAudAddService      High Definition Audio Function Driver      Analog Devices, Inc.      c:\windows\system32\drivers\adihdaud.sys
+ AFD      Ancilliary Function Driver for Winsock      Microsoft Corporation      c:\windows\system32\drivers\afd.sys
+ agp440      440 NT AGP Filter      Microsoft Corporation      c:\windows\system32\drivers\agp440.sys
+ amdagp      AMD NT AGP Filter      Microsoft Corporation      c:\windows\system32\drivers\amdagp.sys
+ AsyncMac      RAS Asynchronous Media Driver      Microsoft Corporation      c:\windows\system32\drivers\asyncmac.sys
+ atapi      ATAPI IDE Miniport Driver      Microsoft Corporation      c:\windows\system32\drivers\atapi.sys
+ atikmdag      ATI Radeon Kernel Mode Driver      ATI Technologies Inc.      c:\windows\system32\drivers\atikmdag.sys
+ Beep      BEEP Driver      Microsoft Corporation      c:\windows\system32\drivers\beep.sys
+ bowser      Implements the datagram receiver for the computer browser browser service.      Microsoft Corporation      c:\windows\system32\drivers\bowser.sys
+ BrFiltLo      Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver      Brother Industries, Ltd.      c:\windows\system32\drivers\brfiltlo.sys
+ BrFiltUp      Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver      Brother Industries, Ltd.      c:\windows\system32\drivers\brfiltup.sys
+ BrUsbSer      Brother USB Serial Driver      Brother Industries Ltd.      c:\windows\system32\drivers\brusbser.sys
+ BUFADPT      BUFFALO Wireless Network Adapter Manager      BUFFALO INC.      c:\windows\system32\bufadpt.sys
+ c2scsi      Roxio virtual SCSI miniport      Sonic Solutions      c:\windows\system32\drivers\c2scsi.sys
+ catchme                  File not found: C:\ComboFix\catchme.sys
+ cdrom      SCSI CD-ROM Driver      Microsoft Corporation      c:\windows\system32\drivers\cdrom.sys
+ CLFS      Common Log (CLFS)      Microsoft Corporation      c:\windows\system32\clfs.sys
+ crcdisk      Disk Block Verification Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\crcdisk.sys
+ CSC      Allows network files to be used while the local computer is offline.      Microsoft Corporation      c:\windows\system32\drivers\csc.sys
+ DfsC      Client driver for access to DFS Namespaces      Microsoft Corporation      c:\windows\system32\drivers\dfsc.sys
+ disk      PnP Disk Driver      Microsoft Corporation      c:\windows\system32\drivers\disk.sys
+ drmkaud      Microsoft Kernel DRM Audio Descrambler Filter      Microsoft Corporation      c:\windows\system32\drivers\drmkaud.sys
+ DXGKrnl      Controls the underlying video driver stacks to provide fully-featured display capabilities.      Microsoft Corporation      c:\windows\system32\drivers\dxgkrnl.sys
+ E1G60      Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver      Intel Corporation      c:\windows\system32\drivers\e1g60i32.sys
+ Ecache      ReadyBoost Caching Driver      Microsoft Corporation      c:\windows\system32\drivers\ecache.sys
+ exfat      exFAT File System Driver      Microsoft Corporation      c:\windows\system32\drivers\exfat.sys
+ fastfat      Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)      Microsoft Corporation      c:\windows\system32\drivers\fastfat.sys
+ fdc      Floppy Disk Controller Driver      Microsoft Corporation      c:\windows\system32\drivers\fdc.sys
+ FileInfo      Collects information about files in memory to be consumed by other system services.      Microsoft Corporation      c:\windows\system32\drivers\fileinfo.sys
+ Filetrace      ETW File Trace Filter      Microsoft Corporation      c:\windows\system32\drivers\filetrace.sys
+ flpydisk      Floppy Driver      Microsoft Corporation      c:\windows\system32\drivers\flpydisk.sys
+ FltMgr      File System Filter Manager Driver      Microsoft Corporation      c:\windows\system32\drivers\fltmgr.sys
+ fvevol      Bitlocker Drive Encryption Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\fvevol.sys
+ gagp30kx      MS Generic AGPv3.0 Filter for K8/9 Processor Platforms      Microsoft Corporation      c:\windows\system32\drivers\gagp30kx.sys
+ GEARAspiWDM      CD DVD Filter      GEAR Software Inc.      c:\windows\system32\drivers\gearaspiwdm.sys
+ HabuFltr      Diamondback USB Optical Mouse Driver      Razer (Asia-Pacific) Pte Ltd      c:\windows\system32\drivers\habu.sys
+ HdAudAddService      High Definition Audio Function Driver      Microsoft Corporation      c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus      High Definition Audio Bus Driver      Microsoft Corporation      c:\windows\system32\drivers\hdaudbus.sys
+ HidUsb      USB Miniport Driver for Input Devices      Microsoft Corporation      c:\windows\system32\drivers\hidusb.sys
+ HTTP      This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.      Microsoft Corporation      c:\windows\system32\drivers\http.sys
+ i8042prt      i8042 Port Driver      Microsoft Corporation      c:\windows\system32\drivers\i8042prt.sys
+ intelppm      Processor Device Driver      Microsoft Corporation      c:\windows\system32\drivers\intelppm.sys
+ IpFilterDriver      IP Traffic Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp      IP in IP Tunnel Driver            File not found: system32\DRIVERS\ipinip.sys
+ IPNAT      IP Network Address Translator      Microsoft Corporation      c:\windows\system32\drivers\ipnat.sys
+ IRENUM      IR Bus Enumerator      Microsoft Corporation      c:\windows\system32\drivers\irenum.sys
+ iScsiPrt      Microsoft iSCSI Initiator Driver      Microsoft Corporation      c:\windows\system32\drivers\msiscsi.sys
+ JGOGO      SCSI Port upper filter driver      JMicron       c:\windows\system32\drivers\jgogo.sys
+ JRAID      JMicron JMB36X RAID Driver      JMicron Technology Corp.      c:\windows\system32\drivers\jraid.sys
+ kbdclass      Keyboard Class Driver      Microsoft Corporation      c:\windows\system32\drivers\kbdclass.sys
+ kbdhid      HID Keyboard Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\kbdhid.sys
+ KSecDD      Kernel Security Support Provider Interface      Microsoft Corporation      c:\windows\system32\drivers\ksecdd.sys
+ lltdio      Link-Layer Topology Mapper I/O Driver      Microsoft Corporation      c:\windows\system32\drivers\lltdio.sys
+ luafv      Virtualizes file write failures to per-user locations.      Microsoft Corporation      c:\windows\system32\drivers\luafv.sys
+ lvpopflt      Logitech AudioProcessing Filter Driver      Logitech Inc.      c:\windows\system32\drivers\lvpopflt.sys
+ LVPr2Mon      Logitech ProcMon Driver      Logicool Co., Ltd      c:\windows\system32\drivers\lvpr2mon.sys
+ LVRS      Logitech Kernel Audio Improvement Filter Driver      Logitech Inc.      c:\windows\system32\drivers\lvrs.sys
+ LVUSBSta      USB Statistic Driver      Logitech Inc.      c:\windows\system32\drivers\lvusbsta.sys
+ LVUVC      Logitech USB Video Class Driver      Logitech Inc.      c:\windows\system32\drivers\lvuvc.sys
+ Modem      Modem Device Driver      Microsoft Corporation      c:\windows\system32\drivers\modem.sys
+ monitor      Monitor Driver      Microsoft Corporation      c:\windows\system32\drivers\monitor.sys
+ mouclass      Mouse Class Driver      Microsoft Corporation      c:\windows\system32\drivers\mouclass.sys
+ mouhid      HID Mouse Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\mouhid.sys
+ MountMgr      Driver responsible with maintaining persistent drive letters and names for volumes      Microsoft Corporation      c:\windows\system32\drivers\mountmgr.sys
+ mpsdrv      Windows Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic.      Microsoft Corporation      c:\windows\system32\drivers\mpsdrv.sys
+ MRxDAV      WebDav Client Redirector Driver      Microsoft Corporation      c:\windows\system32\drivers\mrxdav.sys
+ mrxsmb      Implements the framework for the SMB filesystem redirector      Microsoft Corporation      c:\windows\system32\drivers\mrxsmb.sys
+ mrxsmb10      Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers      Microsoft Corporation      c:\windows\system32\drivers\mrxsmb10.sys
+ mrxsmb20      Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers      Microsoft Corporation      c:\windows\system32\drivers\mrxsmb20.sys
+ Msfs      Mailslot driver      Microsoft Corporation      c:\windows\system32\drivers\msfs.sys
+ msisadrv      ISA Driver      Microsoft Corporation      c:\windows\system32\drivers\msisadrv.sys
+ MSKSSRV      MS KS Server      Microsoft Corporation      c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK      MS Proxy Clock      Microsoft Corporation      c:\windows\system32\drivers\mspclock.sys
+ MSPQM      MS Proxy Quality Manager      Microsoft Corporation      c:\windows\system32\drivers\mspqm.sys
+ MsRPC      Kernel Remote Procedure Call Provider      Microsoft Corporation      c:\windows\system32\drivers\msrpc.sys
+ mssmbios      System Management BIOS Driver      Microsoft Corporation      c:\windows\system32\drivers\mssmbios.sys
+ MSTEE      WDM Tee/Communication Transform Filter       Microsoft Corporation      c:\windows\system32\drivers\mstee.sys
+ MTsensor      ATK0110 ACPI Utility            c:\windows\system32\drivers\asacpi.sys
+ Mup      Multiple UNC Provider      Microsoft Corporation      c:\windows\system32\drivers\mup.sys
+ NativeWifiP      NativeWiFi Miniport Driver      Microsoft Corporation      c:\windows\system32\drivers\nwifi.sys
+ NDIS      NDIS System Driver      Microsoft Corporation      c:\windows\system32\drivers\ndis.sys
+ NdisTapi      Remote Access NDIS TAPI Driver      Microsoft Corporation      c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio      NDIS User mode I/O driver      Microsoft Corporation      c:\windows\system32\drivers\ndisuio.sys
+ NdisWan      Remote Access NDIS WAN Driver      Microsoft Corporation      c:\windows\system32\drivers\ndiswan.sys
+ NDProxy      NDIS Proxy      Microsoft Corporation      c:\windows\system32\drivers\ndproxy.sys
+ NetBIOS      NetBIOS Interface      Microsoft Corporation      c:\windows\system32\drivers\netbios.sys
+ netbt      This service implements NetBios over TCP/IP.      Microsoft Corporation      c:\windows\system32\drivers\netbt.sys
+ nmwcd      Nokia USB Phone Bus Driver      Nokia      c:\windows\system32\drivers\ccdcmb.sys
+ nmwcdc      Nokia USB Phone Bus Driver      Nokia      c:\windows\system32\drivers\ccdcmbo.sys
+ Npfs      NPFS Driver      Microsoft Corporation      c:\windows\system32\drivers\npfs.sys
+ nsiproxy      NSI proxy service      Microsoft Corporation      c:\windows\system32\drivers\nsiproxy.sys
+ Ntfs      NT File System Driver      Microsoft Corporation      c:\windows\system32\drivers\ntfs.sys
+ Null      NULL Driver      Microsoft Corporation      c:\windows\system32\drivers\null.sys
+ nv_agp      NForce NT AGP Filter      Microsoft Corporation      c:\windows\system32\drivers\nv_agp.sys
+ NwlnkFlt      IPX Traffic Filter Driver            File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd      IPX Traffic Forwarder Driver            File not found: system32\DRIVERS\nwlnkfwd.sys
+ OemBiosDevice      Release Build v1.00      PARADOX      c:\windows\system32\drivers\royal.sys
+ ohci1394      1394 OpenHCI Port Driver      Microsoft Corporation      c:\windows\system32\drivers\ohci1394.sys
+ partmgr      Disk class filter driver that auctions out partitions to volume managers      Microsoft Corporation      c:\windows\system32\drivers\partmgr.sys
+ Parvdm      VDM Parallel Driver      Microsoft Corporation      c:\windows\system32\drivers\parvdm.sys
+ pccsmcfd      PCCS Mode Change Filter Driver      Nokia      c:\windows\system32\drivers\pccsmcfd.sys
+ pci      NT Plug and Play PCI Enumerator      Microsoft Corporation      c:\windows\system32\drivers\pci.sys
+ pciide      Generic PCI IDE Bus Driver      Microsoft Corporation      c:\windows\system32\drivers\pciide.sys
+ pcouffin      low level access layer for CD/DVD/BD devices      VSO Software      c:\windows\system32\drivers\pcouffin.sys
+ PEAUTH      Protected Environment Authentication and Authorization Export Driver      Microsoft Corporation      c:\windows\system32\drivers\peauth.sys
+ PptpMiniport      WAN Miniport (PPTP)      Microsoft Corporation      c:\windows\system32\drivers\raspptp.sys
+ PSched      QoS Packet Scheduler      Microsoft Corporation      c:\windows\system32\drivers\pacer.sys
+ Pxrmcet      MCETunes mini-filter driver      Proxure, Inc.      c:\windows\system32\drivers\pxrmcet.sys
+ QWAVEdrv      Quality Windows Audio/Video Experience component driver      Microsoft Corporation      c:\windows\system32\drivers\qwavedrv.sys
+ R300      ATI Radeon Kernel Mode Driver      ATI Technologies Inc.      c:\windows\system32\drivers\atikmdag.sys
+ RasAcd      Remote Access Auto Connection Driver      Microsoft Corporation      c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp      WAN Miniport (L2TP)      Microsoft Corporation      c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe      Remote Access PPPOE Driver      Microsoft Corporation      c:\windows\system32\drivers\raspppoe.sys
+ RasSstp      WAN Miniport (SSTP)      Microsoft Corporation      c:\windows\system32\drivers\rassstp.sys
+ rdbss      Provides the framework for network mini-redirectors      Microsoft Corporation      c:\windows\system32\drivers\rdbss.sys
+ RDPCDD      RDPDD Chained DD      Microsoft Corporation      c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr      Microsoft RDP Device redirector      Microsoft Corporation      c:\windows\system32\drivers\rdpdr.sys
+ RDPENCDD      RDP Encoder Mirror Driver      Microsoft Corporation      c:\windows\system32\drivers\rdpencdd.sys
+ RDPWD      RDP Terminal Stack Driver      Microsoft Corporation      c:\windows\system32\drivers\rdpwd.sys
+ rspndr      Link-Layer Topology Responder Driver for NDIS 6      Microsoft Corporation      c:\windows\system32\drivers\rspndr.sys
+ RTL8187      Realtek RTL8187 NDIS Driver      Realtek Semiconductor Corporation                                 c:\windows\system32\drivers\rtl8187.sys
+ RtlProt      Realtke RtlProt WLAN Utility Protocol Driver            File not found: system32\DRIVERS\rtlprot.sys
+ secdrv      Macrovision SECURITY Driver      Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.      c:\windows\system32\drivers\secdrv.sys
+ Serenum      Serial Port Enumerator      Microsoft Corporation      c:\windows\system32\drivers\serenum.sys
+ Serial      Serial Device Driver      Microsoft Corporation      c:\windows\system32\drivers\serial.sys
+ sffp_mmc      Small Form Factor MMC Protocol Driver      Microsoft Corporation      c:\windows\system32\drivers\sffp_mmc.sys
+ sffp_sd      Small Form Factor SD Protocol Driver      Microsoft Corporation      c:\windows\system32\drivers\sffp_sd.sys
+ sisagp      SIS NT AGP Filter      Microsoft Corporation      c:\windows\system32\drivers\sisagp.sys
+ SjyPkt                  File not found: C:\Windows\System32\Drivers\SjyPkt.sys
+ Smb      Microsoft NetbiosSmb Device Driver      Microsoft Corporation      c:\windows\system32\drivers\smb.sys
+ spldr      loader for security processor      Microsoft Corporation      c:\windows\system32\drivers\spldr.sys
+ sptd                  c:\windows\system32\drivers\sptd.sys
+ srv      Server driver      Microsoft Corporation      c:\windows\system32\drivers\srv.sys
+ srv2      Default SDDL for Windows Resource Protected file      Microsoft Corporation      c:\windows\system32\drivers\srv2.sys
+ srvnet      Server Network driver      Microsoft Corporation      c:\windows\system32\drivers\srvnet.sys
+ STHDA      NDRC      IDT, Inc.      c:\windows\system32\drivers\stwrt.sys
+ swenum      Plug and Play Software Device Enumerator      Microsoft Corporation      c:\windows\system32\drivers\swenum.sys
+ Tcpip      TCP/IP Protocol Driver      Microsoft Corporation      c:\windows\system32\drivers\tcpip.sys
+ Tcpip6      Microsoft IPv6 Protocol Driver      Microsoft Corporation      c:\windows\system32\drivers\tcpip.sys
+ tcpipreg      Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.      Microsoft Corporation      c:\windows\system32\drivers\tcpipreg.sys
+ TDPIPE      Named Pipe Transport Driver      Microsoft Corporation      c:\windows\system32\drivers\tdpipe.sys
+ TDTCP      TCP Transport Driver      Microsoft Corporation      c:\windows\system32\drivers\tdtcp.sys
+ tdx      NetIO Legacy TDI Support Driver      Microsoft Corporation      c:\windows\system32\drivers\tdx.sys
+ TermDD      Terminal Server Driver      Microsoft Corporation      c:\windows\system32\drivers\termdd.sys
+ tmactmon      Trend Micro Activity Monitor Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmactmon.sys
+ tmcomm      Trend Micro Common Engine Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmcomm.sys
+ tmevtmgr      Trend Micro Event Manager Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmevtmgr.sys
+ tmlwf      Trend Micro NDIS 6.0 Filter Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmlwf.sys
+ tmpreflt      Trend Filter Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmpreflt.sys
+ tmtdi      Trend Micro TDI Driver (i386-fre)      Trend Micro Inc.      c:\windows\system32\drivers\tmtdi.sys
+ tmwfp      Trend Micro WFP Callout Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmwfp.sys
+ tmxpflt      Trend Functionality Driver      Trend Micro Inc.      c:\windows\system32\drivers\tmxpflt.sys
+ tssecsrv      Terminal Services Security Filter Driver      Microsoft Corporation      c:\windows\system32\drivers\tssecsrv.sys
+ tunmp      Microsoft Tunnel Interface Driver      Microsoft Corporation      c:\windows\system32\drivers\tunmp.sys
+ tunnel      Microsoft Tunnel Interface Driver      Microsoft Corporation      c:\windows\system32\drivers\tunnel.sys
+ uagp35      MS AGPv3.5 Filter      Microsoft Corporation      c:\windows\system32\drivers\uagp35.sys
+ uliagpkx      ULi AGPv3.0 Filter for K8/9 Processor Platforms      Microsoft Corporation      c:\windows\system32\drivers\uliagpkx.sys
+ umbus      User-Mode Bus Enumerator      Microsoft Corporation      c:\windows\system32\drivers\umbus.sys
+ UMPass      Generic pass-through driver      Microsoft Corporation      c:\windows\system32\drivers\umpass.sys
+ upperdev      Filter Driver for the Toaster Stack      Windows (R) Codename Longhorn DDK provider      c:\windows\system32\drivers\usbser_lowerflt.sys
+ USBAAPL                  File not found: System32\Drivers\usbaapl.sys
+ usbaudio      USB Audio Class Driver      Microsoft Corporation      c:\windows\system32\drivers\usbaudio.sys
+ usbccgp      USB Common Class Generic Parent Driver      Microsoft Corporation      c:\windows\system32\drivers\usbccgp.sys
+ usbehci      EHCI eUSB Miniport Driver      Microsoft Corporation      c:\windows\system32\drivers\usbehci.sys
+ usbhub      Default Hub Driver for USB      Microsoft Corporation      c:\windows\system32\drivers\usbhub.sys
+ usbprint      USB Printer driver      Microsoft Corporation      c:\windows\system32\drivers\usbprint.sys
+ usbscan      USB Scanner Driver      Microsoft Corporation      c:\windows\system32\drivers\usbscan.sys
+ usbser      USB Modem Driver      Microsoft Corporation      c:\windows\system32\drivers\usbser.sys
+ UsbserFilt      Filter Driver for the Toaster Stack      Windows (R) Codename Longhorn DDK provider      c:\windows\system32\drivers\usbser_lowerfltj.sys
+ USBSTOR      USB Mass Storage Class Driver      Microsoft Corporation      c:\windows\system32\drivers\usbstor.sys
+ usbuhci      UHCI USB Miniport Driver      Microsoft Corporation      c:\windows\system32\drivers\usbuhci.sys
+ usbvideo      USB Video Class Driver      Microsoft Corporation      c:\windows\system32\drivers\usbvideo.sys
+ vga      VGA/Super VGA Video Driver      Microsoft Corporation      c:\windows\system32\drivers\vgapnp.sys
+ VgaSave      VGA/Super VGA Video Driver      Microsoft Corporation      c:\windows\system32\drivers\vga.sys
+ viaagp      VIA NT AGP Filter      Microsoft Corporation      c:\windows\system32\drivers\viaagp.sys
+ volmgr      Volume Manager Driver      Microsoft Corporation      c:\windows\system32\drivers\volmgr.sys
+ volmgrx      Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks      Microsoft Corporation      c:\windows\system32\drivers\volmgrx.sys
+ volsnap      Volume Shadow Copy Driver      Microsoft Corporation      c:\windows\system32\drivers\volsnap.sys
+ vsapint      Trend Virus ScanEngine      Trend Micro Inc.      c:\windows\system32\drivers\vsapint.sys
+ Wanarp      Remote Access IP ARP Driver      Microsoft Corporation      c:\windows\system32\drivers\wanarp.sys
+ Wanarpv6      Remote Access IPv6 ARP Driver      Microsoft Corporation      c:\windows\system32\drivers\wanarp.sys
+ Wdf01000      WDF Dynamic      Microsoft Corporation      c:\windows\system32\drivers\wdf01000.sys
+ WpdUsb      WPD USB Driver      Microsoft Corporation      c:\windows\system32\drivers\wpdusb.sys
+ WUDFRd      Windows Driver Foundation - User-mode Driver Framework Reflector      Microsoft Corporation      c:\windows\system32\drivers\wudfrd.sys
+ yukonwlh      Miniport Driver for Marvell Yukon Ethernet Controller.      Marvell      c:\windows\system32\drivers\yk60x86.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute                  
+ autocheck autochk *      Auto Check Utility      Microsoft Corporation      c:\windows\system32\autochk.exe
+ autocheck lsdelete                  File not found: lsdelete
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls                  
+ advapi32      Advanced Windows 32 Base API      Microsoft Corporation      c:\windows\system32\advapi32.dll
+ clbcatq      COM+ Configuration Catalog      Microsoft Corporation      c:\windows\system32\clbcatq.dll
+ COMDLG32      Common Dialogs DLL      Microsoft Corporation      c:\windows\system32\comdlg32.dll
+ gdi32      GDI Client DLL      Microsoft Corporation      c:\windows\system32\gdi32.dll
+ IERTUTIL      Run time utility for Internet Explorer      Microsoft Corporation      c:\windows\system32\iertutil.dll
+ IMAGEHLP      Windows NT Image Helper      Microsoft Corporation      c:\windows\system32\imagehlp.dll
+ IMM32      Multi-User Windows IMM32 API Client DLL      Microsoft Corporation      c:\windows\system32\imm32.dll
+ kernel32      Windows NT BASE API Client DLL      Microsoft Corporation      c:\windows\system32\kernel32.dll
+ LPK      Language Pack      Microsoft Corporation      c:\windows\system32\lpk.dll
+ MSCTF      MSCTF Server DLL      Microsoft Corporation      c:\windows\system32\msctf.dll
+ MSVCRT      Windows NT CRT DLL      Microsoft Corporation      c:\windows\system32\msvcrt.dll
+ NORMALIZ      Unicode Normalization DLL      Microsoft Corporation      c:\windows\system32\normaliz.dll
+ NSI      NSI User-mode interface DLL      Microsoft Corporation      c:\windows\system32\nsi.dll
+ ole32      Microsoft OLE for Windows      Microsoft Corporation      c:\windows\system32\ole32.dll
+ OLEAUT32            Microsoft Corporation      c:\windows\system32\oleaut32.dll
+ rpcrt4      Remote Procedure Call Runtime      Microsoft Corporation      c:\windows\system32\rpcrt4.dll
+ Setupapi      Windows Setup API      Microsoft Corporation      c:\windows\system32\setupapi.dll
+ SHELL32      Windows Shell Common Dll      Microsoft Corporation      c:\windows\system32\shell32.dll
+ SHLWAPI      Shell Light-weight Utility Library      Microsoft Corporation      c:\windows\system32\shlwapi.dll
+ URLMON      OLE32 Extensions for Win32      Microsoft Corporation      c:\windows\system32\urlmon.dll
+ user32      Multi-User Windows USER API Client DLL      Microsoft Corporation      c:\windows\system32\user32.dll
+ USP10      Uniscribe Unicode script processor      Microsoft Corporation      c:\windows\system32\usp10.dll
+ WININET      Internet Extensions for Win32      Microsoft Corporation      c:\windows\system32\wininet.dll
+ WLDAP32      Win32 LDAP API DLL      Microsoft Corporation      c:\windows\system32\wldap32.dll
+ WS2_32      Windows Socket 2.0 32-Bit DLL      Microsoft Corporation      c:\windows\system32\ws2_32.dll
HKCU\Control Panel\Desktop\Scrnsave.exe                  
+ C:\Windows\system32\PhotoScreensaver.scr      Photos Screen Saver      Microsoft Corporation      c:\windows\system32\photoscreensaver.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries                  
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E77E1A7-A7E2-4F57-B225-5709C88BD875}] DATAGRAM 6      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1E77E1A7-A7E2-4F57-B225-5709C88BD875}] SEQPACKET 6      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A971016-126D-4038-9364-30FA2B98029D}] DATAGRAM 2      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A971016-126D-4038-9364-30FA2B98029D}] SEQPACKET 2      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6B9AD0-EC2D-4104-B876-60C9A9F62013}] DATAGRAM 5      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4F6B9AD0-EC2D-4104-B876-60C9A9F62013}] SEQPACKET 5      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D08904-297A-4E50-98FB-E042FB73868C}] DATAGRAM 1      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{61D08904-297A-4E50-98FB-E042FB73868C}] SEQPACKET 1      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] DATAGRAM 4      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] SEQPACKET 4      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D08904-297A-4E50-98FB-E042FB73868C}] DATAGRAM 0      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61D08904-297A-4E50-98FB-E042FB73868C}] SEQPACKET 0      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] DATAGRAM 3      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0}] SEQPACKET 3      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IPv6]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IPv6]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IPv6]      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ RSVP TCPv6 Service Provider      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ RSVP UDP Service Provider      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
+ RSVP UDPv6 Service Provider      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries                  
+ E-mail Naming Shim Provider      E-mail Naming Shim Provider      Microsoft Corporation      c:\windows\system32\napinsp.dll
+ mdnsNSP      Bonjour Namespace Provider      Apple Inc.      c:\program files\bonjour\mdnsnsp.dll
+ Network Location Awareness Legacy (NLAv1) Namespace      Network Location Awareness 2      Microsoft Corporation      c:\windows\system32\nlaapi.dll
+ NTDS      LDAP RnR Provider DLL      Microsoft Corporation      c:\windows\system32\winrnr.dll
+ PNRP Cloud Namespace Provider      PNRP Name Space Provider      Microsoft Corporation      c:\windows\system32\pnrpnsp.dll
+ PNRP Name Namespace Provider      PNRP Name Space Provider      Microsoft Corporation      c:\windows\system32\pnrpnsp.dll
+ Tcpip      Microsoft Windows Sockets 2.0 Service Provider      Microsoft Corporation      c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors                  
+ EPSON PX-A650 2KMonitor5J      EPSON Bi-directional Monitor      SEIKO EPSON CORPORATION      c:\windows\system32\e_flmadj.dll
+ EPSON PX-A650 32MonitorBJ      EPSON Bi-directional Monitor x86      SEIKO EPSON CORPORATION      c:\windows\system32\e_flbadj.dll
+ LIDIL hpzlllhn      LanguageMonitor      Hewlett-Packard Company      c:\windows\system32\hpzlllhn.dll
+ Local Port      Local Spooler DLL      Microsoft Corporation      c:\windows\system32\localspl.dll
+ Microsoft Shared Fax Monitor      Microsoft  Fax Print Monitor      Microsoft Corporation      c:\windows\system32\fxsmon.dll
+ PJL Language Monitor      PJL Language monitor      Microsoft Corporation      c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port      Standard TCP/IP Port Monitor DLL      Microsoft Corporation      c:\windows\system32\tcpmon.dll
+ USB Monitor      Standard Dynamic Printing Port Monitor DLL      Microsoft Corporation      c:\windows\system32\usbmon.dll
+ WSD Port      WSD Printer Port Monitor      Microsoft Corporation      c:\windows\system32\wsdmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders                  
+ credssp.dll      TS Single Sign On Security Package      Microsoft Corporation      c:\windows\system32\credssp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages                  
+ C:\Windows\system32\gebyAqpm                  c:\windows\system32\gebyaqpm.dll
+ msv1_0      Microsoft Authentication Package v1.0      Microsoft Corporation      c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages                  
+ scecli      Windows Security Configuration Editor Client Engine      Microsoft Corporation      c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages                  
+ kerberos      Kerberos Security Package      Microsoft Corporation      c:\windows\system32\kerberos.dll
+ msv1_0      Microsoft Authentication Package v1.0      Microsoft Corporation      c:\windows\system32\msv1_0.dll
+ schannel      TLS / SSL Security Provider      Microsoft Corporation      c:\windows\system32\schannel.dll
+ tspkg      Web Service Security Package      Microsoft Corporation      c:\windows\system32\tspkg.dll
+ wdigest      Microsoft Digest Access      Microsoft Corporation      c:\windows\system32\wdigest.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers                  
+ GenericProvider      Windows Authentication UI      Microsoft Corporation      c:\windows\system32\authui.dll
+ NPProvider      Windows Authentication UI      Microsoft Corporation      c:\windows\system32\authui.dll
+ PasswordProvider      Windows Authentication UI      Microsoft Corporation      c:\windows\system32\authui.dll
+ Smartcard Credential Provider      Windows Smartcard Credential Provider      Microsoft Corporation      c:\windows\system32\smartcardcredentialprovider.dll
+ Smartcard Pin Provider      Windows Smartcard Credential Provider      Microsoft Corporation      c:\windows\system32\smartcardcredentialprovider.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters                  
+ GenericFilter      Windows Authentication UI      Microsoft Corporation      c:\windows\system32\authui.dll
+ RemoteLogonFilter      Windows Authentication UI      Microsoft Corporation      c:\windows\system32\authui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers                  
+ CRasProvider      RAS PLAP Credential Provider      Microsoft Corporation      c:\windows\system32\rasplap.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order                  
+ LanmanWorkstation      Microsoft Windows Network      Microsoft Corporation      c:\windows\system32\ntlanman.dll
+ RDPNP      Microsoft Terminal Services      Microsoft Corporation      c:\windows\system32\drprov.dll
+ webclient      Web Client Network      Microsoft Corporation      c:\windows\system32\davclnt.dll
C:\Users\Vista\AppData\Local\Microsoft\Windows Sidebar\Settings.ini                  
+                   C:\Program Files\Windows Sidebar\Gadgets\NeroDiscCopy.Gadget
+ All CPU Meter      The All Cpu Meter will show you all core cpu usage and temperatures. It also displayes all core usage history.      AddGadget.com      C:\Users\Vista\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All CPU Meter.gadget\Gadget.xml
+ Calendar      Browse the days of the calendar.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml
+ Clock      Watch the clock in your own time zone or any city in the world.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml
+ Currency      Convert from one currency to another.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\Gadget.xml
+ Notes      Capture ideas, notes, and reminders in a quick and easy way.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\Gadget.xml
+ Stocks      Monitor your favorite stocks.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gadget\en-US\Gadget.xml
+ Weather      See what the weather looks like around the world.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
+ Weather      See what the weather looks like around the world.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
+ Weather      See what the weather looks like around the world.      Microsoft Corporation      C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml
ASKER CERTIFIED SOLUTION
rpggamergirl
This solution is only available to members.
From your Autoruns log, I would be concerned about the following:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  
--> + GroupManager                   c:\windows\msiupdate.exe
--> + MSServer                  c:\windows\system32\ssqrlfus.dll
--> + svchosts                  c:\windows\system32\svchosts.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks    
--> + ssqrlfus.dll                  c:\windows\system32\ssqrlfus.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects  
--> + {5BE92300-3F82-4DE0-8813-86017B4228C6}                  c:\windows\system32\gebyaqpm.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages  
+ C:\Windows\system32\gebyAqpm                  c:\windows\system32\gebyaqpm.dll
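
An added example (not part of the thread and not Autoruns' own code): a Python triage pass over the Autoruns text layout pasted on this page. It lists entries whose publisher column is blank and puts those in the four registry locations named in the comment above first. The splitting rule (three or more spaces between columns), the function names and the location list are assumptions; a blank publisher is a triage hint, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the Autoruns log quoted on this page. Columns are
# name, description, publisher, image path; description and publisher are
# blank for some entries.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
--> + GroupManager                   c:\windows\msiupdate.exe
--> + MSServer                  c:\windows\system32\ssqrlfus.dll
--> + svchosts                  c:\windows\system32\svchosts.exe
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\Windows\system32\gebyAqpm                  c:\windows\system32\gebyaqpm.dll
+ msv1_0      Microsoft Authentication Package v1.0      Microsoft Corporation      c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Microsoft Shared Fax Monitor      Microsoft  Fax Print Monitor      Microsoft Corporation      c:\windows\system32\fxsmon.dll
C:\Users\Vista\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
+                   C:\Program Files\Windows Sidebar\Gadgets\NeroDiscCopy.Gadget
"""

# Autostart locations singled out in the comment above (assumed list; extend
# it to match your own baseline).
SENSITIVE_SUFFIXES = (
    r"\currentversion\run",
    r"\explorer\shellexecutehooks",
    r"\explorer\browser helper objects",
    r"\control\lsa\authentication packages",
)


@dataclass
class Entry:
    location: str      # registry key or file the entry was listed under
    name: str
    description: str
    publisher: str
    image_path: str

    @property
    def sensitive(self) -> bool:
        return self.location.lower().endswith(SENSITIVE_SUFFIXES)


def parse_autoruns(text):
    """Parse '+ name   description   publisher   path' lines under location headers."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-->"):          # marker some posters add by hand
            line = line[3:].lstrip()
        if not line:
            continue
        if not line.startswith("+"):        # anything else is a location header
            location = line
            continue
        # Columns are separated by wide runs of spaces; splitting on 3+ keeps
        # values that contain a double space (e.g. "Microsoft  Fax ...") intact.
        fields = re.split(r"\s{3,}", line[1:].strip())
        path = fields[-1]
        name = fields[0] if len(fields) >= 2 else ""
        description = fields[1] if len(fields) >= 3 else ""
        # With only three columns the middle one is taken as the description,
        # so the publisher is treated as missing.
        publisher = fields[2] if len(fields) >= 4 else ""
        entries.append(Entry(location, name, description, publisher, path))
    return entries


def triage(text):
    """Return entries with no publisher, sensitive autostart locations first."""
    unsigned = [e for e in parse_autoruns(text) if not e.publisher]
    return sorted(unsigned, key=lambda e: not e.sensitive)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        level = "CHECK FIRST" if e.sensitive else "review"
        print(f"[{level}] {e.location} -> {e.image_path}")
```
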

I need to do all of the above in safe mode?
O2 - BHO: (no name) - {5BE92300-3F82-4DE0-8813-86017B4228C6} - C:\Windows\system32\gebyAqpm.dll

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqRLFus.dll,#1

still remain after running fix this...not in safe mode though.  
Instead of deleting them manually, just run ComboFix and show us the logfile to make sure all bad files have been deleted.
in safe mode or not?  With networking or without?
malwarebytes full scan or quick one?
It's Vista, so ComboFix might not run well in normal mode. Try it anyway, then if it doesn't finish the run, run it in safe mode.
Just plain safe mode (no networking), as long as you don't install RC and it's the latest version of combofix.
>>>malwarebytes full scan or quick one?<<<
Okay, you can try a Malwarebytes full scan, then if it doesn't remove all the bad files, try ComboFix next.
Please show us the log.
I ran combofix, but it killed the internet connection on my desktop.  I am connected with my wife's laptop,  How to get my desktop internet connection back?
have a log file on there, but obviously cannot upload it till I get connection back
I seem to have had this issue before as well.  I think someone told me to go into computer...manage, device manager and then uninstall the network adaptor.  Is that right?  waiting for guidance...
>>> How to get my desktop internet connection back?<<<
Just reboot.
Can you also attach the combofix log.
I already rebooted, no internet.  Disconnected both the DSL modem and the wireless router.  Get internet on the wireless but not on the desktop...cannot upload log file until I get desktop back online
rebooted a 3rd time, still no internet on desktop
I get a message that pops up just before my log on screen to Vista that says something like ISLED program not found skipping autocheck.  
It's supposed to restore it.

Disabling/re-enabling the network connection also restores it. Try it.
Going to Control Panel > Network Connections. Right click on Network icon in the notification area in the lower right corner of Desktop & select "Repair".
No, repair did not work. Tried that.  Says Windows detected a problem that cannot be repaired automatically.  Tried disabling network and re-enabling.  Not working
Check this guide for restoring connection after running combofix.
Manually restoring the Internet connection, scroll right down the page.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore
 
also try this,
In the Start > Run > 

cmd

run the command --> netsh winsock reset

I'm sorry, I have to go. I'll check back in a few hours.
not working, tried repairing network connection  no good

tried
run the command --> netsh winsock reset

didn't work
ok got it to work, had to alter my ip configuration.  Ok here are the logsssssssssss.
Malwarebytes' Anti-Malware 1.33
Database version: 1682
Windows 6.0.6001 Service Pack 1
 
1/23/2009 11:11:50 PM
mbam-log-2009-01-23 (23-11-30).txt
 
Scan type: Quick Scan
Objects scanned: 55284
Time elapsed: 5 minute(s), 41 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
C:\Windows\System32\pnVes06 (Trojan.Agent) -> No action taken.
 
Files Infected:
C:\Windows\System32\ssqRLFus.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\Windows\System32\eFwVOeFv.dll (Trojan.vundo) -> No action taken.
 
ComboFix 09-01-21.04 - Vista 2009-01-23 21:55:17.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.3326.1644 [GMT 9:00]
Running from: c:\users\Vista\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\users\Vista\AppData\Roaming\inst.exe
c:\windows\system32\gebyAqpm.dll
c:\windows\System32\mpqAybeg.ini
c:\windows\System32\mpqAybeg.ini2
c:\windows\System32\MUFNmnpo.ini
c:\windows\System32\MUFNmnpo.ini2
c:\windows\system32\opnmNFUM.dll
c:\windows\system32\svchosts.exe
c:\windows\system32\uuddc32.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-12-23 to 2009-01-23  )))))))))))))))))))))))))))))))
.
 
2009-01-23 21:38 . 2009-01-23 21:38	<DIR>	d--------	c:\users\Vista\AppData\Roaming\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\users\All Users\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\programdata\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-01-23 21:37 . 2009-01-14 16:11	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 21:37 . 2009-01-14 16:11	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2009-01-23 20:25 . 2009-01-23 21:58	37,376	--a------	c:\windows\System32\ssqRLFus.dll
2009-01-23 15:09 . 2009-01-23 20:21	<DIR>	d--h-c---	c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 15:09 . 2009-01-23 20:21	<DIR>	d--h-c---	c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 15:07 . 2009-01-23 15:07	5,928	--a------	c:\windows\System32\eFwVOeFv.dll
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Videos
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	d--------	c:\users\Mcx1\Saved Games
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Pictures
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Music
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Links
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Downloads
2009-01-22 20:04 . 2009-01-22 20:04	<DIR>	dr-------	c:\users\Mcx1\Documents
2009-01-22 20:04 . 2009-01-22 20:05	<DIR>	d--h-----	c:\users\Mcx1\AppData
2009-01-22 20:04 . 2009-01-22 20:04	<DIR>	d--------	c:\users\Mcx1
2009-01-20 21:51 . 2009-01-22 20:07	<DIR>	d--------	c:\users\All Users\LightScribe
2009-01-20 21:51 . 2009-01-22 20:07	<DIR>	d--------	c:\programdata\LightScribe
2009-01-20 21:23 . 2009-01-20 21:23	4,767	--a------	c:\windows\Irremote.ini
2009-01-20 20:53 . 2009-01-20 20:53	<DIR>	d--------	c:\program files\Common Files\LightScribe
2009-01-20 20:24 . 2008-02-28 14:26	1,414,440	--a------	c:\windows\System32\ShellManager310E2D762.dll
2009-01-20 20:24 . 2008-02-28 14:01	774,144	--a------	c:\windows\System32\NEROINSTAEC43759.DB
2009-01-20 16:34 . 2009-01-20 16:34	<DIR>	d--------	c:\users\All Users\EPSON
2009-01-20 16:34 . 2009-01-20 16:34	<DIR>	d--------	c:\programdata\EPSON
2009-01-20 16:33 . 2007-12-07 02:08	86,528	--a------	c:\windows\System32\E_FLBADJ.DLL
2009-01-20 16:33 . 2007-12-07 02:01	78,848	--a------	c:\windows\System32\E_FD4BADJ.DLL
2009-01-20 16:33 . 2004-09-10 20:12	49,152	--a------	c:\windows\System32\E_DCINST.DLL
2009-01-15 10:01 . 2008-12-16 11:42	288,768	--a------	c:\windows\System32\drivers\srv.sys
2009-01-15 08:08 . 2009-01-21 10:09	22,528	--a------	c:\windows\msiUpdate.exe
2009-01-12 19:50 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\System32\wvc1dmod.dll
2009-01-12 19:50 . 2006-05-11 19:21	626,688	--a------	c:\windows\System32\vp7vfw.dll
2009-01-12 19:50 . 2002-12-10 02:20	102,439	--a------	c:\windows\System32\sipr3260.dll
2009-01-10 13:54 . 2008-12-08 03:08	795,648	--a------	c:\windows\System32\xvidcore.dll
2009-01-10 13:54 . 2008-12-08 03:08	130,048	--a------	c:\windows\System32\xvidvfw.dll
2009-01-06 22:45 . 2009-01-06 22:45	<DIR>	d--------	c:\program files\Earth
2009-01-03 19:08 . 2009-01-10 13:54	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-01-02 21:12 . 2009-01-02 21:12	<DIR>	d--------	c:\users\All Users\FLEXnet
2009-01-02 21:12 . 2009-01-02 21:12	<DIR>	d--------	c:\programdata\FLEXnet
2009-01-02 20:59 . 2009-01-03 06:42	<DIR>	d--------	c:\users\All Users\Adobe
2009-01-01 09:51 . 2009-01-01 09:51	81,920	--a------	c:\users\Vista\AppData\Roaming\ezpinst.exe
2008-12-31 16:38 . 2008-12-31 16:38	<DIR>	d--------	c:\program files\Domain Software
2008-12-29 20:18 . 2008-12-29 20:18	<DIR>	d--------	c:\program files\Common Files\Logicool
2008-12-29 20:10 . 2009-01-20 15:48	<DIR>	d--------	c:\windows\System32\Service
2008-12-29 17:02 . 2009-01-01 10:13	<DIR>	d--------	c:\users\All Users\DVD Shrink
2008-12-29 17:02 . 2009-01-01 10:13	<DIR>	d--------	c:\programdata\DVD Shrink
2008-12-29 17:02 . 2008-12-29 17:02	<DIR>	d--------	c:\program files\DVD Shrink
2008-12-29 16:56 . 2008-12-29 16:56	<DIR>	d--------	c:\program files\DVD Decrypter
2008-12-25 21:13 . 2008-12-25 21:36	<DIR>	d--------	C:\OutputFolder
2008-12-25 21:12 . 2008-12-25 21:13	<DIR>	d--------	c:\program files\Allok Video Joiner
2008-12-25 21:12 . 2007-04-12 14:19	129,024	--a------	c:\windows\System32\AVERM.dll
2008-12-25 21:12 . 2006-09-26 13:57	28,672	--a------	c:\windows\System32\AVEQT.dll
2008-12-25 21:05 . 2008-12-25 21:05	<DIR>	d--------	C:\VideoOutput
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\Vista\AppData\Roaming\DAEMON Tools Pro
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\All Users\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\programdata\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2008-12-23 09:05 . 2008-11-27 10:39	1,195,384	--a------	c:\windows\System32\drivers\vsapint.sys
2008-12-23 09:05 . 2008-12-23 09:05	256,528	--a------	c:\windows\System32\drivers\tmwfp.sys
2008-12-23 09:05 . 2008-11-27 10:42	205,328	--a------	c:\windows\System32\drivers\tmxpflt.sys
2008-12-23 09:05 . 2008-12-23 09:05	145,424	--a------	c:\windows\System32\drivers\tmlwf.sys
2008-12-23 09:05 . 2008-12-23 09:05	144,912	--a------	c:\windows\System32\drivers\tmcomm.sys
2008-12-23 09:05 . 2008-12-23 09:05	80,400	--a------	c:\windows\System32\drivers\tmtdi.sys
2008-12-23 09:05 . 2008-12-23 09:05	50,192	--a------	c:\windows\System32\drivers\tmactmon.sys
2008-12-23 09:05 . 2008-12-23 09:05	49,680	--a------	c:\windows\System32\drivers\tmevtmgr.sys
2008-12-23 09:05 . 2008-11-27 10:42	36,368	--a------	c:\windows\System32\drivers\tmpreflt.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:05	---------	d-----w	c:\program files\Steam
2009-01-23 13:03	32,725	----a-w	c:\windows\system32\drivers\stwrte.log
2009-01-23 13:03	0	----a-w	c:\windows\system32\drivers\lvuvc.hs
2009-01-23 13:03	---------	d-----w	c:\program files\Transcode360
2009-01-23 12:30	---------	d-----w	c:\users\Vista\AppData\Roaming\uTorrent
2009-01-23 12:06	---------	d-----w	c:\users\Vista\AppData\Roaming\Skype
2009-01-23 11:20	---------	d-----w	c:\programdata\Lavasoft
2009-01-23 09:16	---------	d-----w	c:\users\Vista\AppData\Roaming\skypePM
2009-01-22 21:54	---------	d-----w	c:\programdata\Google Updater
2009-01-21 13:08	---------	d-----w	c:\program files\CCleaner
2009-01-20 12:51	---------	d-----w	c:\users\Vista\AppData\Roaming\Nero
2009-01-20 12:49	---------	d-----w	c:\program files\Nero
2009-01-20 12:34	---------	d-----w	c:\program files\Common Files\Nero
2009-01-20 12:13	---------	d-----w	c:\programdata\Nero
2009-01-20 07:18	---------	d-----w	c:\program files\Common Files\Steam
2009-01-18 23:22	---------	d-----w	c:\users\Vista\AppData\Roaming\.purple
2009-01-15 04:19	---------	d-----w	c:\program files\Windows Mail
2009-01-15 04:18	---------	d-----w	c:\programdata\Microsoft Help
2009-01-12 11:27	---------	d-----w	c:\users\Vista\AppData\Roaming\Vso
2009-01-12 10:50	---------	d-----w	c:\program files\VSO
2009-01-12 10:49	47,360	----a-w	c:\users\Vista\AppData\Roaming\pcouffin.sys
2009-01-11 20:37	---------	d-----w	c:\users\Vista\AppData\Roaming\LimeWire
2009-01-11 20:37	---------	d-----w	c:\program files\NCH Swift Sound
2009-01-11 20:36	---------	d-----w	c:\users\Vista\AppData\Roaming\NCH Swift Sound
2009-01-08 04:29	977	----a-w	c:\program files\Txt2Vobsub_Settings.ini
2009-01-02 21:31	---------	d-----w	c:\program files\Common Files\Adobe
2008-12-31 12:21	---------	d-----w	c:\program files\Mozilla Thunderbird
2008-12-29 23:51	---------	d-----w	c:\program files\Dreamweaver
2008-12-29 04:29	---------	d-----w	c:\users\Vista\AppData\Roaming\dvdcss
2008-12-25 09:45	---------	d-----w	c:\program files\AviSynth 2.5
2008-12-25 07:16	---------	d-----w	c:\users\Vista\AppData\Roaming\DAEMON Tools
2008-12-23 00:13	---------	d-----w	c:\program files\Trend Micro
2008-12-23 00:09	---------	d-----w	c:\programdata\Trend Micro
2008-12-22 11:09	---------	d-----w	c:\users\Vista\AppData\Roaming\Nokia
2008-12-21 21:53	---------	d-----w	c:\programdata\Installations
2008-12-21 21:53	---------	d-----w	c:\program files\Nokia
2008-12-21 21:53	---------	d-----w	c:\program files\Common Files\PCSuite
2008-12-21 21:53	---------	d-----w	c:\program files\Common Files\Nokia
2008-12-21 21:51	---------	d-----w	c:\program files\PC Connectivity Solution
2008-12-12 10:53	---------	d-----w	c:\users\Vista\AppData\Roaming\Media Player Classic
2008-12-08 23:26	---------	d-----w	c:\program files\Java
2008-12-05 06:57	---------	d-----w	c:\program files\Adobe Photoshop
2008-12-03 13:06	---------	d-----w	c:\program files\Pidgin
2008-12-03 13:06	---------	d-----w	c:\program files\Common Files\GTK
2008-11-24 09:14	---------	d-----w	c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 09:14	---------	d-----w	c:\program files\iTunes
2008-11-24 09:14	---------	d-----w	c:\program files\iPod
2008-11-24 09:14	---------	d-----w	c:\program files\Common Files\Apple
2008-11-24 09:12	---------	d-----w	c:\program files\QuickTime
2008-11-01 03:44	541,696	----a-w	c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44	460,288	----a-w	c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44	2,154,496	----a-w	c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29	2,927,104	----a-w	c:\windows\explorer.exe
2008-10-18 08:18	722,176	----a-w	c:\users\Vista\gotomypc_428.exe
2008-09-12 12:42	1,347,072	----a-w	c:\program files\Txt2VobSub.exe
2008-09-05 21:18	1,715	----a-w	c:\program files\sg_backup_2008-09-06-0618.spg
2008-09-04 02:32	1,715	----a-w	c:\program files\sg_backup_2008-09-04-1132.spg
2008-08-29 21:17	1,715	----a-w	c:\program files\sg_backup_2008-08-30-0617.spg
2008-08-15 13:32	1,715	----a-w	c:\program files\sg_backup_2008-08-15-2232.spg
2008-05-25 07:30	32	----a-w	c:\users\All Users\ezsid.dat
2008-05-25 07:30	32	----a-w	c:\programdata\ezsid.dat
2008-03-21 23:51	174	--sha-w	c:\program files\desktop.ini
2008-03-02 00:11	1,721	----a-w	c:\program files\FirstBackup.spg
2008-02-04 01:54	398,488	----a-w	c:\program files\switchsetup.exe
2007-12-16 22:15	610,304	----a-w	c:\program files\TCPOptimizer.exe
2007-05-13 16:01	1,413,120	----a-w	c:\program files\winsockfix(2).exe
2008-05-25 09:36	8	--sh--r	c:\windows\System32\DA135328D0.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 563984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam\Qcam.exe" [2008-08-14 2406160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-23 970808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MCE Tunes Extender Support"="c:\program files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe" [2007-11-13 45056]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
 
c:\users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-09 3683824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\[u]0[/u]autocheck lsdelete
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 18:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 18:44 1410296 c:\program files\Steam\Steam.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761222596-1403191366-214991424-1000]
"EnableNotificationsRef"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B216B66B-F51B-4A56-A2C3-194FE8716820}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9ECDCC38-E417-42C6-97F5-D4CB99693FBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7FA9F5AF-D342-4E46-BB4D-CEF9BA29C22E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0F926F84-A939-421A-A299-447EF9DB7D23}"= UDP:49152:Utorrent
"{1AAA4DEB-FEB8-46E8-B312-7984278715BD}"= TCP:49152:utorrent
"{78C23670-3BE8-4BE4-B576-A8F75DEB03C1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3C001CA9-DB67-478F-A752-071BBBBC4653}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E7C87C99-D816-45D6-A3B9-042BB05C3061}c:\\program files\\foldershare\\foldershare.exe"= UDP:c:\program files\foldershare\foldershare.exe:FolderShare
"UDP Query User{F539C203-274F-4AC1-B335-02A7856CA65E}c:\\program files\\foldershare\\foldershare.exe"= TCP:c:\program files\foldershare\foldershare.exe:FolderShare
"TCP Query User{1EF3BB52-2D61-4FA8-B42A-E89030731630}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{525969F4-44D2-4ADA-8310-10632A70A62C}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"TCP Query User{485C5A82-F77B-461C-8B8B-D7AB824120B9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{ABECFF1F-7928-42A7-A8C2-18B03ACA77D6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{B461BBFE-C7B2-47D8-AEA4-C166D7BB7C45}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"UDP Query User{EBDA8E9D-66B1-4450-AE59-19CFB1633F31}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"TCP Query User{22D0546B-CB65-49F2-A06B-356F633E9404}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D2DE96E-ED25-4337-80D6-8C2BCCEACDE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{151DF907-0AB4-41FA-8DBF-9041C1BF2554}"= UDP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{D3D42A59-441F-47D3-9E7B-CD8EAFF30CE1}"= TCP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{F4BD9734-77F1-48F9-9A0E-06D2211A7C76}"= UDP:g:\utorrent\utorrent.exe:µTorrent
"{888CAFB0-28E7-47D7-B1F0-12A9F5A778FA}"= TCP:g:\utorrent\utorrent.exe:µTorrent
"{BEF08F72-8A84-47FF-914A-775E0E89ACDF}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{BBA1D60C-384E-48E8-9138-548F7678ACFE}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"{D502EB84-B106-463E-B0B8-6F3C9E94C4EA}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{A8405F21-25E0-49D8-B9B1-4C8CA5BF075E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{607C305E-524F-43BA-A7D6-8BB7D89E5E5B}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= UDP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"UDP Query User{4A8AFC4D-D30E-4010-9FAA-3649A9F4869A}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= TCP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"TCP Query User{88FC65F3-4094-4007-9387-1C7D5D5B28DE}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe: 
"UDP Query User{603D6C04-188F-42D8-8962-12037EB15FFE}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe: 
"TCP Query User{88C2CD8B-A1C1-446B-BBFD-60CA56DCA558}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0A86D967-006B-40C8-AB0C-A5069889D60A}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{276E4ECA-B4A2-4B58-881A-619CB1CFFD97}"= UDP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"{329ECABE-B5EE-480F-988C-9E62602E27A3}"= TCP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"TCP Query User{F800C4E4-A6A6-4053-8E5C-684FBC9BA9C7}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{9E87F8AF-8CD1-48AB-A058-C48595E6FBD9}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A1021C89-3608-4860-9A3E-90CC01938D30}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{234A8D2D-8936-4488-8E9F-F4905651EE80}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C9BAD34B-F985-44B3-94D3-989F38B556F2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{5E1CD267-5F28-4A60-AA85-040F84E527FE}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"TCP Query User{6F9B8D66-86AC-4CF1-88FD-4E39D5877920}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{FFD47436-C599-45C2-B387-798802ACF0FA}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{8DC3A4E8-2C39-4601-999E-339EBFA335F9}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe: 
"UDP Query User{8112E52F-3978-4B17-BA2C-9DEC61B53729}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe: 
"{0BA494E6-3CD2-4BA0-A1D4-6A67DA384E3D}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{0B48C81D-E2F7-4C2C-88B7-7275466B9D97}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"TCP Query User{8A2EC43E-ABB4-4599-92F7-27A1138F88A8}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= UDP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"UDP Query User{8676ACC1-9EEB-4794-B875-78E5256952D6}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= TCP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"{AEC46CE6-8055-4D29-86B5-471655056878}"= UDP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{F5CC849A-F237-4CC9-894E-910C5AB4FB1A}"= TCP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{3FACC12B-40A0-42FD-92CE-19090CD8EBF7}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D3171D72-599E-4FC3-AEEE-6061398684BC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{CB20A671-5F69-4304-A7A2-11EED617AD6F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{6FD7C3E5-0F89-4633-A3D1-58B290D66C72}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{2BC55FC6-8B53-41BE-B0B5-4E9A7DDCB2F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"UDP Query User{21FB5244-2FEE-428E-AD9A-729E20E48119}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"TCP Query User{7865576A-85F4-41B0-9F82-660C36F0E2C7}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{321909A0-D8AD-4F43-8617-71A675CF3C30}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{C69A8D74-337A-4DF8-91D3-E75B4E6A4E7E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{936D87C5-64EE-4E6B-AC54-E69021701E47}"= UDP:f:\utorrent\utorrent.exe:µTorrent (TCP-In)
"{E49224BE-F975-4897-8CFF-C2D501B8D65B}"= TCP:f:\utorrent\utorrent.exe:µTorrent (UDP-In)
"{03E32A78-916E-48C1-AA9B-2A9D6BC860FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D8A968-C6F2-48B4-AF1D-297BA2BBFF4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CFA8FB4C-D5D2-4072-9B9F-DA8A611DBD1C}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{869A7164-F357-41E3-B8A7-831042B38F89}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{11AEFD2D-8731-411D-A546-F42B7ACA051D}"= TCP:1041:Transcode 360
"{E95BAD62-41FB-4203-B962-23F1A4DB4762}"= TCP:10244:Transcode 360
"TCP Query User{5CB84706-3111-429E-A496-51C79B1DB27D}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{AF2C2758-8EEC-450B-B4F1-A2076E6663DC}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"{0660ECFF-1142-494B-B0EB-CC627DC2EF45}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{1BBA5738-BDE2-496D-A743-C46C568E8EAB}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{9C32DD41-0808-42EE-BE8F-34CA81B38F4B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2731A37-989E-4EEE-B937-E406EE24CF3A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{806BF5A3-4E34-4080-9604-BF4A1B6AD826}"= UDP:5353:Adobe CSI CS4
"{2D71730A-3EB4-44B1-965C-B03F14C806D9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{50EA2307-718C-4D53-8B12-C8F35C742B93}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [2007-08-18 252152]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2008-12-23 145424]
R3 HabuFltr;Habu Mouse;c:\windows\System32\drivers\habu.sys [2006-10-23 27776]
R3 Pxrmcet;Pxrmcet;c:\windows\System32\drivers\Pxrmcet.sys [2007-11-13 15104]
R4 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R4 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-12-23 36368]
R4 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2008-12-23 256528]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-02-08 240128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-23 38496]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-06-27 335872]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-12-23 181584]
S4 SessionLauncher;SessionLauncher;c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S4 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2008-12-23 49680]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-23 492888]
S4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-23 677128]
 
--- Other Services/Drivers In Memory ---
 
*Deregistered* - sptd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a25499-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\pagefiles.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254a1-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254aa-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ca94cb-fe90-11d5-850d-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\Assetup.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}]
c:\windows\system32\svchosts.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
 
2009-01-23 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
 
2009-01-23 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
 
2009-01-23 c:\windows\Tasks\User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 16:33]
.
- - - - ORPHANS REMOVED - - - -
 
BHO-{5BE92300-3F82-4DE0-8813-86017B4228C6} - c:\windows\system32\gebyAqpm.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-DMXLauncher - c:\program files\Roxio\CinePlayer\DMXLauncher.exe
MSConfigStartUp-FolderShare - c:\program files\FolderShare\FolderShare.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
MSConfigStartUp-Windows Live FolderShare - c:\users\Vista\AppData\Local\FolderShare\FolderShare.exe
 
 
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DAD81DFC-DF6E-4F0A-AA36-B4178E96B9E0} = 192.168.3.1
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
FF - ProfilePath - c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\
FF - prefs.js: browser.search.selectedEngine - Mininova
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:05:44
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\No-IP\DUC20.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Transcode360\Transcode360.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\program files\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe
c:\program files\Proxure\MCE Tunes Pro\ProxureQTHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-23 22:12:36 - machine was rebooted
ComboFix-quarantined-files.txt  2009-01-23 13:12:25
 
Pre-Run: 61,692,874,752 bytes free
Post-Run: 66,965,561,344 bytes free
 
426	--- E O F ---	2009-01-15 04:19:09


You did very well fixing the connection problem, excellent.
Looks like you didn't let MalwareBytes take action or delete those 3 vundo files it found; you need to let it delete them.


Did you run ComboFix 3 times?
After that problem, I'm not sure if you'd like to run ComboFix again, but if you're game to run it again, then use this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\System32\ssqRLFus.dll
c:\windows\System32\eFwVOeFv.dll

FileLook::
c:\windows\msiUpdate.exe

DirLook::
c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\windows\System32\Service

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}]
------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
 


Or scan with MalwareBytes again and let it remove all threats found, or you can also delete them manually.
c:\windows\System32\ssqRLFus.dll
c:\windows\System32\eFwVOeFv.dll

And this reg entry below is bad; it's pointing to a bad file.
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}

G:\pagefiles.exe <-- did you create this file on one of your USB/external drives?


 
In Explorer, please check the properties of these files and folders and see what their info says. You can also submit the files for an online check at http://virusscan.jotti.org/
c:\windows\msiUpdate.exe
c:\windows\System32\DA135328D0.sys
c:\windows\System32\drivers\Pxrmcet.sys

c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}

 


Deleted this key
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3520B2D6-3492-EEFD-AE4A-78731E2FE27C}

 
No problems found
c:\windows\msiUpdate.exe
c:\windows\System32\drivers\Pxrmcet.sys

Could not find these files
c:\windows\System32\DA135328D0.sys
c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\windows\System32\ssqRLFus.dll
c:\windows\System32\eFwVOeFv.dll
Nothing in G drive. Says please insert disc into drive.
G:\pagefiles.exe <-- did you create this file on one of your USB/external drives?

How do I get rid of that message saying "1sdelete program not found skipping autocheck"  that appears just before my Vista log in screen?

Running ComboFix again. I'll update the logs when it's done.

combofix.txt   This time it didn't restart my PC and no internet trouble. Much better.

ComboFix 09-01-21.04 - Vista 2009-01-24 13:18:08.4 - NTFSx86
Microsoft® Windows Vista" Ultimate   6.0.6001.1.1252.1.1033.18.3326.2052 [GMT 9:00]
Running from: c:\users\Vista\Desktop\ComboFix.exe
Command switches used :: c:\users\Vista\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
 * Created a new restore point
 
FILE ::
c:\windows\System32\eFwVOeFv.dll
c:\windows\System32\ssqRLFus.dll
.
 
(((((((((((((((((((((((((   Files Created from 2008-12-24 to 2009-01-24  )))))))))))))))))))))))))))))))
.
 
2009-01-23 21:38 . 2009-01-23 21:38	<DIR>	d--------	c:\users\Vista\AppData\Roaming\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\users\All Users\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\programdata\Malwarebytes
2009-01-23 21:37 . 2009-01-23 21:37	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-01-23 21:37 . 2009-01-14 16:11	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 21:37 . 2009-01-14 16:11	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Videos
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	d--------	c:\users\Mcx1\Saved Games
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Pictures
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Music
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Links
2009-01-22 20:04 . 2006-11-02 19:23	<DIR>	dr-------	c:\users\Mcx1\Downloads
2009-01-22 20:04 . 2009-01-22 20:04	<DIR>	dr-------	c:\users\Mcx1\Documents
2009-01-22 20:04 . 2009-01-22 20:05	<DIR>	d--h-----	c:\users\Mcx1\AppData
2009-01-22 20:04 . 2009-01-22 20:04	<DIR>	d--------	c:\users\Mcx1
2009-01-20 21:51 . 2009-01-22 20:07	<DIR>	d--------	c:\users\All Users\LightScribe
2009-01-20 21:51 . 2009-01-22 20:07	<DIR>	d--------	c:\programdata\LightScribe
2009-01-20 21:23 . 2009-01-20 21:23	4,767	--a------	c:\windows\Irremote.ini
2009-01-20 20:53 . 2009-01-20 20:53	<DIR>	d--------	c:\program files\Common Files\LightScribe
2009-01-20 20:24 . 2008-02-28 14:26	1,414,440	--a------	c:\windows\System32\ShellManager310E2D762.dll
2009-01-20 20:24 . 2008-02-28 14:01	774,144	--a------	c:\windows\System32\NEROINSTAEC43759.DB
2009-01-20 16:34 . 2009-01-20 16:34	<DIR>	d--------	c:\users\All Users\EPSON
2009-01-20 16:34 . 2009-01-20 16:34	<DIR>	d--------	c:\programdata\EPSON
2009-01-20 16:33 . 2007-12-07 02:08	86,528	--a------	c:\windows\System32\E_FLBADJ.DLL
2009-01-20 16:33 . 2007-12-07 02:01	78,848	--a------	c:\windows\System32\E_FD4BADJ.DLL
2009-01-20 16:33 . 2004-09-10 20:12	49,152	--a------	c:\windows\System32\E_DCINST.DLL
2009-01-15 10:01 . 2008-12-16 11:42	288,768	--a------	c:\windows\System32\drivers\srv.sys
2009-01-15 08:08 . 2009-01-21 10:09	22,528	--a------	c:\windows\msiUpdate.exe
2009-01-12 19:50 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\System32\wvc1dmod.dll
2009-01-12 19:50 . 2006-05-11 19:21	626,688	--a------	c:\windows\System32\vp7vfw.dll
2009-01-12 19:50 . 2002-12-10 02:20	102,439	--a------	c:\windows\System32\sipr3260.dll
2009-01-10 13:54 . 2008-12-08 03:08	795,648	--a------	c:\windows\System32\xvidcore.dll
2009-01-10 13:54 . 2008-12-08 03:08	130,048	--a------	c:\windows\System32\xvidvfw.dll
2009-01-06 22:45 . 2009-01-06 22:45	<DIR>	d--------	c:\program files\Earth
2009-01-03 19:08 . 2009-01-10 13:54	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-01-02 21:12 . 2009-01-02 21:12	<DIR>	d--------	c:\users\All Users\FLEXnet
2009-01-02 21:12 . 2009-01-02 21:12	<DIR>	d--------	c:\programdata\FLEXnet
2009-01-02 20:59 . 2009-01-03 06:42	<DIR>	d--------	c:\users\All Users\Adobe
2009-01-01 09:51 . 2009-01-01 09:51	81,920	--a------	c:\users\Vista\AppData\Roaming\ezpinst.exe
2008-12-31 16:38 . 2008-12-31 16:38	<DIR>	d--------	c:\program files\Domain Software
2008-12-29 20:18 . 2008-12-29 20:18	<DIR>	d--------	c:\program files\Common Files\Logicool
2008-12-29 20:10 . 2009-01-23 22:16	<DIR>	d--------	c:\windows\System32\Service
2008-12-29 17:02 . 2009-01-01 10:13	<DIR>	d--------	c:\users\All Users\DVD Shrink
2008-12-29 17:02 . 2009-01-01 10:13	<DIR>	d--------	c:\programdata\DVD Shrink
2008-12-29 17:02 . 2008-12-29 17:02	<DIR>	d--------	c:\program files\DVD Shrink
2008-12-29 16:56 . 2008-12-29 16:56	<DIR>	d--------	c:\program files\DVD Decrypter
2008-12-25 21:13 . 2008-12-25 21:36	<DIR>	d--------	C:\OutputFolder
2008-12-25 21:12 . 2008-12-25 21:13	<DIR>	d--------	c:\program files\Allok Video Joiner
2008-12-25 21:12 . 2007-04-12 14:19	129,024	--a------	c:\windows\System32\AVERM.dll
2008-12-25 21:12 . 2006-09-26 13:57	28,672	--a------	c:\windows\System32\AVEQT.dll
2008-12-25 21:05 . 2008-12-25 21:05	<DIR>	d--------	C:\VideoOutput
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\Vista\AppData\Roaming\DAEMON Tools Pro
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\users\All Users\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\programdata\DAEMON Tools Lite
2008-12-25 16:16 . 2008-12-25 16:16	<DIR>	d--------	c:\program files\DAEMON Tools Lite
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 04:15	---------	d-----w	c:\users\Vista\AppData\Roaming\Skype
2009-01-24 03:50	---------	d-----w	c:\users\Vista\AppData\Roaming\skypePM
2009-01-23 23:43	---------	d-----w	c:\program files\Transcode360
2009-01-23 23:43	---------	d-----w	c:\program files\Steam
2009-01-23 23:42	34,408	----a-w	c:\windows\system32\drivers\stwrte.log
2009-01-23 23:42	0	----a-w	c:\windows\system32\drivers\lvuvc.hs
2009-01-23 23:41	---------	d-----w	c:\users\Vista\AppData\Roaming\uTorrent
2009-01-23 22:54	---------	d-----w	c:\programdata\Google Updater
2009-01-23 11:20	---------	d-----w	c:\programdata\Lavasoft
2009-01-21 13:08	---------	d-----w	c:\program files\CCleaner
2009-01-20 13:17	17,192,960	----a-w	c:\windows\System32\imageres.dll
2009-01-20 12:51	---------	d-----w	c:\users\Vista\AppData\Roaming\Nero
2009-01-20 12:49	---------	d-----w	c:\program files\Nero
2009-01-20 12:34	---------	d-----w	c:\program files\Common Files\Nero
2009-01-20 12:13	---------	d-----w	c:\programdata\Nero
2009-01-20 07:18	---------	d-----w	c:\program files\Common Files\Steam
2009-01-18 23:22	---------	d-----w	c:\users\Vista\AppData\Roaming\.purple
2009-01-15 04:19	---------	d-----w	c:\program files\Windows Mail
2009-01-15 04:18	---------	d-----w	c:\programdata\Microsoft Help
2009-01-12 11:27	---------	d-----w	c:\users\Vista\AppData\Roaming\Vso
2009-01-12 10:50	---------	d-----w	c:\program files\VSO
2009-01-12 10:49	47,360	----a-w	c:\users\Vista\AppData\Roaming\pcouffin.sys
2009-01-11 20:37	---------	d-----w	c:\users\Vista\AppData\Roaming\LimeWire
2009-01-11 20:37	---------	d-----w	c:\program files\NCH Swift Sound
2009-01-11 20:36	---------	d-----w	c:\users\Vista\AppData\Roaming\NCH Swift Sound
2009-01-08 04:29	977	----a-w	c:\program files\Txt2Vobsub_Settings.ini
2009-01-02 21:31	---------	d-----w	c:\program files\Common Files\Adobe
2009-01-02 06:06	3,192	----a-w	c:\windows\System32\KGyGaAvL.sys
2008-12-31 12:21	---------	d-----w	c:\program files\Mozilla Thunderbird
2008-12-29 23:51	---------	d-----w	c:\program files\Dreamweaver
2008-12-29 04:29	---------	d-----w	c:\users\Vista\AppData\Roaming\dvdcss
2008-12-28 22:48	2,330,643	----a-w	c:\windows\System32\x264vfw.dll
2008-12-25 09:45	---------	d-----w	c:\program files\AviSynth 2.5
2008-12-25 07:16	---------	d-----w	c:\users\Vista\AppData\Roaming\DAEMON Tools
2008-12-23 00:13	---------	d-----w	c:\program files\Trend Micro
2008-12-23 00:09	---------	d-----w	c:\programdata\Trend Micro
2008-12-23 00:05	80,400	----a-w	c:\windows\system32\drivers\tmtdi.sys
2008-12-23 00:05	50,192	----a-w	c:\windows\system32\drivers\tmactmon.sys
2008-12-23 00:05	49,680	----a-w	c:\windows\system32\drivers\tmevtmgr.sys
2008-12-23 00:05	256,528	----a-w	c:\windows\system32\drivers\tmwfp.sys
2008-12-23 00:05	145,424	----a-w	c:\windows\system32\drivers\tmlwf.sys
2008-12-23 00:05	144,912	----a-w	c:\windows\system32\drivers\tmcomm.sys
2008-12-22 11:09	---------	d-----w	c:\users\Vista\AppData\Roaming\Nokia
2008-12-21 21:53	---------	d-----w	c:\programdata\Installations
2008-12-21 21:53	---------	d-----w	c:\program files\Nokia
2008-12-21 21:53	---------	d-----w	c:\program files\Common Files\PCSuite
2008-12-21 21:53	---------	d-----w	c:\program files\Common Files\Nokia
2008-12-21 21:51	---------	d-----w	c:\program files\PC Connectivity Solution
2008-12-12 10:53	---------	d-----w	c:\users\Vista\AppData\Roaming\Media Player Classic
2008-12-08 23:26	---------	d-----w	c:\program files\Java
2008-12-08 11:53	57,344	----a-w	c:\windows\System32\ff_vfw.dll
2008-12-05 06:57	---------	d-----w	c:\program files\Adobe Photoshop
2008-12-03 13:06	---------	d-----w	c:\program files\Pidgin
2008-12-03 13:06	---------	d-----w	c:\program files\Common Files\GTK
2008-11-27 01:42	36,368	----a-w	c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 01:42	205,328	----a-w	c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 01:39	1,195,384	----a-w	c:\windows\system32\drivers\vsapint.sys
2008-11-24 09:14	---------	d-----w	c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 09:14	---------	d-----w	c:\program files\iTunes
2008-11-24 09:14	---------	d-----w	c:\program files\iPod
2008-11-24 09:14	---------	d-----w	c:\program files\Common Files\Apple
2008-11-24 09:12	---------	d-----w	c:\program files\QuickTime
2008-11-19 12:39	107,888	----a-w	c:\windows\System32\CmdLineExt.dll
2008-11-09 20:43	410,984	----a-w	c:\windows\System32\deploytk.dll
2008-11-01 03:44	541,696	----a-w	c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44	460,288	----a-w	c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44	28,672	----a-w	c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44	2,154,496	----a-w	c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21	4,240,384	----a-w	c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29	2,927,104	----a-w	c:\windows\explorer.exe
2008-10-28 22:35	684,032	----a-w	c:\windows\System32\divx.dll
2008-10-27 01:04	70,992	----a-w	c:\windows\System32\XAPOFX1_2.dll
2008-10-27 01:04	514,384	----a-w	c:\windows\System32\XAudio2_3.dll
2008-10-27 01:04	235,856	----a-w	c:\windows\System32\xactengine3_3.dll
2008-10-27 01:04	23,376	----a-w	c:\windows\System32\X3DAudio1_5.dll
2008-10-18 08:18	722,176	----a-w	c:\users\Vista\gotomypc_428.exe
2008-09-12 12:42	1,347,072	----a-w	c:\program files\Txt2VobSub.exe
2008-09-05 21:18	1,715	----a-w	c:\program files\sg_backup_2008-09-06-0618.spg
2008-09-04 02:32	1,715	----a-w	c:\program files\sg_backup_2008-09-04-1132.spg
2008-08-29 21:17	1,715	----a-w	c:\program files\sg_backup_2008-08-30-0617.spg
2008-08-15 13:32	1,715	----a-w	c:\program files\sg_backup_2008-08-15-2232.spg
2008-05-25 07:30	32	----a-w	c:\users\All Users\ezsid.dat
2008-05-25 07:30	32	----a-w	c:\programdata\ezsid.dat
2008-03-21 23:51	174	--sha-w	c:\program files\desktop.ini
2008-03-02 00:11	1,721	----a-w	c:\program files\FirstBackup.spg
2008-02-04 01:54	398,488	----a-w	c:\program files\switchsetup.exe
2007-12-16 22:15	610,304	----a-w	c:\program files\TCPOptimizer.exe
2007-05-13 16:01	1,413,120	----a-w	c:\program files\winsockfix(2).exe
2008-05-25 09:36	8	--sh--r	c:\windows\System32\DA135328D0.sys
.
 
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
 
---- c:\windows\msiUpdate.exe ----
Company: 
File Description: 
File Version: 1.0.0.5
Product Name: 
Copyright: Copyright c  2008
Original file name: groupmanager.exe
MD5: 5a8afbb2e1816b29325dd2eb1b2ef9a1
 
---- Directory of c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} ----
 
			c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\ 
 
---- Directory of c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800} ----
 
			c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}\ 
 
---- Directory of c:\windows\System32\Service ----
 
2009-01-23 23:50	2784	--a------	c:\windows\System32\Service\23012009_TIS17_SfFniAU.log 
2009-01-20 15:48	928	--a------	c:\windows\System32\Service\20012009_TIS17_SfFniAU.log 
2008-12-29 20:10	928	--a------	c:\windows\System32\Service\29122008_TIS17_SfFniAU.log 
 
 
(((((((((((((((((((((((((((((   snapshot@2009-01-23_22.08.15.86   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-23 13:03:42	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-23 23:42:58	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-23 13:03:42	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-23 23:42:58	2,048	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-23 13:04:17	262,144	--sha-w	c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 23:43:18	262,144	--sha-w	c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 23:43:18	262,144	---ha-w	c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-23 13:04:59	262,144	--sha-w	c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 23:44:32	262,144	--sha-w	c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 23:44:32	262,144	---ha-w	c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-23 11:12:19	16,384	------w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 04:14:39	16,384	------w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-23 11:12:19	49,152	----a-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 04:14:39	49,152	----a-w	c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-23 11:12:19	16,384	------w	c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 04:14:39	16,384	------w	c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-23 11:30:59	123,536	----a-w	c:\windows\System32\perfc009.dat
+ 2009-01-24 02:36:37	123,536	----a-w	c:\windows\System32\perfc009.dat
- 2009-01-23 11:30:59	123,536	----a-w	c:\windows\System32\perfc011.dat
+ 2009-01-24 02:36:37	123,536	----a-w	c:\windows\System32\perfc011.dat
- 2009-01-23 11:30:59	653,826	----a-w	c:\windows\System32\perfh009.dat
+ 2009-01-24 02:36:37	653,826	----a-w	c:\windows\System32\perfh009.dat
- 2009-01-23 11:30:59	435,912	----a-w	c:\windows\System32\perfh011.dat
+ 2009-01-24 02:36:37	435,912	----a-w	c:\windows\System32\perfh011.dat
- 2009-01-23 13:05:47	12,066	----a-w	c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761222596-1403191366-214991424-1000_UserData.bin
+ 2009-01-23 23:45:02	12,318	----a-w	c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761222596-1403191366-214991424-1000_UserData.bin
- 2009-01-23 13:05:47	93,194	----a-w	c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 23:45:02	93,714	----a-w	c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-23 11:26:35	61,816	----a-w	c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 23:45:00	62,104	----a-w	c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 23:25:24	109,080	----a-w	c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-08-02 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 563984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam\Qcam.exe" [2008-08-14 2406160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-23 970808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MCE Tunes Extender Support"="c:\program files\Proxure\MCE Tunes Pro\LaunchExtenderSupport.exe" [2007-11-13 45056]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-12-23 497008]
 
c:\users\Vista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-09 3683824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\[u]0[/u]autocheck lsdelete
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 18:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 18:44 1410296 c:\program files\Steam\Steam.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761222596-1403191366-214991424-1000]
"EnableNotificationsRef"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B216B66B-F51B-4A56-A2C3-194FE8716820}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9ECDCC38-E417-42C6-97F5-D4CB99693FBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7FA9F5AF-D342-4E46-BB4D-CEF9BA29C22E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0F926F84-A939-421A-A299-447EF9DB7D23}"= UDP:49152:Utorrent
"{1AAA4DEB-FEB8-46E8-B312-7984278715BD}"= TCP:49152:utorrent
"{78C23670-3BE8-4BE4-B576-A8F75DEB03C1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3C001CA9-DB67-478F-A752-071BBBBC4653}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E7C87C99-D816-45D6-A3B9-042BB05C3061}c:\\program files\\foldershare\\foldershare.exe"= UDP:c:\program files\foldershare\foldershare.exe:FolderShare
"UDP Query User{F539C203-274F-4AC1-B335-02A7856CA65E}c:\\program files\\foldershare\\foldershare.exe"= TCP:c:\program files\foldershare\foldershare.exe:FolderShare
"TCP Query User{1EF3BB52-2D61-4FA8-B42A-E89030731630}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{525969F4-44D2-4ADA-8310-10632A70A62C}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"TCP Query User{485C5A82-F77B-461C-8B8B-D7AB824120B9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{ABECFF1F-7928-42A7-A8C2-18B03ACA77D6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{B461BBFE-C7B2-47D8-AEA4-C166D7BB7C45}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"UDP Query User{EBDA8E9D-66B1-4450-AE59-19CFB1633F31}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"TCP Query User{22D0546B-CB65-49F2-A06B-356F633E9404}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D2DE96E-ED25-4337-80D6-8C2BCCEACDE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{151DF907-0AB4-41FA-8DBF-9041C1BF2554}"= UDP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{D3D42A59-441F-47D3-9E7B-CD8EAFF30CE1}"= TCP:f:\program files\Utorrent\utorrent.exe:µTorrent
"{F4BD9734-77F1-48F9-9A0E-06D2211A7C76}"= UDP:g:\utorrent\utorrent.exe:µTorrent
"{888CAFB0-28E7-47D7-B1F0-12A9F5A778FA}"= TCP:g:\utorrent\utorrent.exe:µTorrent
"{BEF08F72-8A84-47FF-914A-775E0E89ACDF}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{BBA1D60C-384E-48E8-9138-548F7678ACFE}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"{D502EB84-B106-463E-B0B8-6F3C9E94C4EA}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{A8405F21-25E0-49D8-B9B1-4C8CA5BF075E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{607C305E-524F-43BA-A7D6-8BB7D89E5E5B}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= UDP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"UDP Query User{4A8AFC4D-D30E-4010-9FAA-3649A9F4869A}c:\\users\\vista\\appdata\\local\\foldershare\\foldershare.exe"= TCP:c:\users\vista\appdata\local\foldershare\foldershare.exe:foldershare.exe
"TCP Query User{88FC65F3-4094-4007-9387-1C7D5D5B28DE}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe: 
"UDP Query User{603D6C04-188F-42D8-8962-12037EB15FFE}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe: 
"TCP Query User{88C2CD8B-A1C1-446B-BBFD-60CA56DCA558}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0A86D967-006B-40C8-AB0C-A5069889D60A}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{276E4ECA-B4A2-4B58-881A-619CB1CFFD97}"= UDP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"{329ECABE-B5EE-480F-988C-9E62602E27A3}"= TCP:c:\users\Vista\AppData\Roaming\uTorrent\wget.exe:wget
"TCP Query User{F800C4E4-A6A6-4053-8E5C-684FBC9BA9C7}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{9E87F8AF-8CD1-48AB-A058-C48595E6FBD9}c:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A1021C89-3608-4860-9A3E-90CC01938D30}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{234A8D2D-8936-4488-8E9F-F4905651EE80}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C9BAD34B-F985-44B3-94D3-989F38B556F2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{5E1CD267-5F28-4A60-AA85-040F84E527FE}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"TCP Query User{6F9B8D66-86AC-4CF1-88FD-4E39D5877920}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{FFD47436-C599-45C2-B387-798802ACF0FA}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{8DC3A4E8-2C39-4601-999E-339EBFA335F9}c:\\program files\\media control\\remotecontrolhook.exe"= UDP:c:\program files\media control\remotecontrolhook.exe: 
"UDP Query User{8112E52F-3978-4B17-BA2C-9DEC61B53729}c:\\program files\\media control\\remotecontrolhook.exe"= TCP:c:\program files\media control\remotecontrolhook.exe: 
"{0BA494E6-3CD2-4BA0-A1D4-6A67DA384E3D}"= UDP:f:\utorrent\utorrent.exe:µTorrent
"{0B48C81D-E2F7-4C2C-88B7-7275466B9D97}"= TCP:f:\utorrent\utorrent.exe:µTorrent
"TCP Query User{8A2EC43E-ABB4-4599-92F7-27A1138F88A8}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= UDP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"UDP Query User{8676ACC1-9EEB-4794-B875-78E5256952D6}c:\\program files\\lightningware\\vme 1.2\\vme manager.exe"= TCP:c:\program files\lightningware\vme 1.2\vme manager.exe:VME Manager
"{AEC46CE6-8055-4D29-86B5-471655056878}"= UDP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{F5CC849A-F237-4CC9-894E-910C5AB4FB1A}"= TCP:c:\program files\Sling Media\SlingPlayer\SlingPlayer.exe:Launch SlingPlayer
"{3FACC12B-40A0-42FD-92CE-19090CD8EBF7}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D3171D72-599E-4FC3-AEEE-6061398684BC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{CB20A671-5F69-4304-A7A2-11EED617AD6F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{6FD7C3E5-0F89-4633-A3D1-58B290D66C72}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{2BC55FC6-8B53-41BE-B0B5-4E9A7DDCB2F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"UDP Query User{21FB5244-2FEE-428E-AD9A-729E20E48119}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 
"TCP Query User{7865576A-85F4-41B0-9F82-660C36F0E2C7}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{321909A0-D8AD-4F43-8617-71A675CF3C30}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{C69A8D74-337A-4DF8-91D3-E75B4E6A4E7E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{936D87C5-64EE-4E6B-AC54-E69021701E47}"= UDP:f:\utorrent\utorrent.exe:µTorrent (TCP-In)
"{E49224BE-F975-4897-8CFF-C2D501B8D65B}"= TCP:f:\utorrent\utorrent.exe:µTorrent (UDP-In)
"{03E32A78-916E-48C1-AA9B-2A9D6BC860FF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D8A968-C6F2-48B4-AF1D-297BA2BBFF4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CFA8FB4C-D5D2-4072-9B9F-DA8A611DBD1C}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{869A7164-F357-41E3-B8A7-831042B38F89}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{11AEFD2D-8731-411D-A546-F42B7ACA051D}"= TCP:1041:Transcode 360
"{E95BAD62-41FB-4203-B962-23F1A4DB4762}"= TCP:10244:Transcode 360
"TCP Query User{5CB84706-3111-429E-A496-51C79B1DB27D}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"UDP Query User{AF2C2758-8EEC-450B-B4F1-A2076E6663DC}c:\\program files\\steam\\steamapps\\samhfoley\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samhfoley\counter-strike source\hl2.exe:hl2
"{0660ECFF-1142-494B-B0EB-CC627DC2EF45}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{1BBA5738-BDE2-496D-A743-C46C568E8EAB}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{9C32DD41-0808-42EE-BE8F-34CA81B38F4B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2731A37-989E-4EEE-B937-E406EE24CF3A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{806BF5A3-4E34-4080-9604-BF4A1B6AD826}"= UDP:5353:Adobe CSI CS4
"{2D71730A-3EB4-44B1-965C-B03F14C806D9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{50EA2307-718C-4D53-8B12-C8F35C742B93}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
 
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [2007-08-18 252152]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2008-12-23 145424]
R3 HabuFltr;Habu Mouse;c:\windows\System32\drivers\habu.sys [2006-10-23 27776]
R3 Pxrmcet;Pxrmcet;c:\windows\System32\drivers\Pxrmcet.sys [2007-11-13 15104]
R4 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R4 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-12-23 36368]
R4 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2008-12-23 256528]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-02-08 240128]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-06-27 335872]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-12-23 181584]
S4 SessionLauncher;SessionLauncher;c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\Vista\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S4 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2008-12-23 49680]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-12-23 492888]
S4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-12-23 677128]
 
--- Other Services/Drivers In Memory ---
 
*Deregistered* - sptd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a25499-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\pagefiles.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254a1-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93a254aa-8d22-11dd-b5c8-001e8c8ec339}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ca94cb-fe90-11d5-850d-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\Assetup.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
 
2009-01-23 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
 
2009-01-23 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
 
2009-01-24 c:\windows\Tasks\User_Feed_Synchronization-{7F9F310D-0426-4678-97CC-49EB98D954A0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 16:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
FF - ProfilePath - c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: c:\users\Vista\AppData\Roaming\Mozilla\Firefox\Profiles\[u]0[/u]x3drx7z.New Age 1-2009\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 13:19:46
Windows 6.0.6001 Service Pack 1 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'Explorer.exe'(2420)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\ObjectDock\Docklets\menuhook.func
.
Completion time: 2009-01-24 13:21:45
ComboFix-quarantined-files.txt  2009-01-24 04:21:43
ComboFix2.txt  2009-01-23 13:12:40
 
Pre-Run: 63,810,924,544 bytes free
Post-Run: 63,562,825,728 bytes free
 
436	--- E O F ---	2009-01-15 04:19:09


Looks like you've uninstalled Ad-Aware.

Navigate to this registry:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute  
               
On the right pane you can double-click on BootExecute and modify the data, and delete this data --> + autocheck lsdelete

mine is just the default --> autocheck autochk *            
I have currentcontrolset 001 and 003
neither of them contain BootExecute
Combofix log look OK? Nothing else hiding anywhere I need to search for?
Can I delete the file Qoobox which contains the quarantine folder?
Reinstalled Adaware, same message appears on startup.
I am encountering the message vssvc.exe is trying to make changes to the startup area of the registry. Is this OK? Never seen it before.
>>>I have currentcontrolset 001 and 003

Just "currentcontrolset" without any numbers.

And no, please do not delete the Qoobox folder yet; it will be deleted when you uninstall Combofix. I don't see any obvious malicious files in the log, besides that suspicious "msiUpdate.exe" and the others which you said were okay.

Do you recognize all of the installed programs showing in the log?

vssvc.exe <-- in system32 folder is legit
 
I RAN A REG KEY CLEANER AND GOT RID OF THE MESSAGE. REINSTALLED ADAWARE AND SO FAR THINGS LOOK OK. ANYTHING ELSE I SHOULD DO?
Good job, I guess that's it.
You can then uninstall Combofix. The process will delete its backup and will also reset System Restore, but will create one restore point.

To uninstall Combofix:
Go to Start > Run and 'copy and paste' the next command in the field:

ComboFix /u
Well, once again, thank you! You saved me last time and you saved me again this time! Like a superhero of virus fighting. Always arrive on the scene whenever help is needed. Many thanks!
Wonderful instructions. Very easy to follow. Very thorough.