StartupList report, 9/24/2006, 11:40:14 PM StartupList version 2.01.0 Started from: C:\Documents and Settings\momo\Desktop\startuplist\StartupList.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Logged on as 'momo' to 'MOMOR' * Using default options (see end of log for possible options) ================================================== Running processes (30): [C:\Documents and Settings\momo\Desktop\startuplist\StartupList.exe (41)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\asycfilt.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSCOMCTL.OCX C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\msi.dll C:\WINDOWS\system32\MSVBVM60.DLL C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SXS.DLL C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wbem\fastprox.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\wbem\wbemdisp.dll C:\WINDOWS\system32\wbem\wbemprox.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wmiutils.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (22)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\Version.DLL C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll [C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (28)] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\ash_inet.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\advapi32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hhctrl.ocx C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\mpr.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\shell32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\user32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\version.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\winspool.drv C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (14)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\WLDAP32.dll [C:\Program Files\ewido anti-spyware 4.0\ewido.exe (45)] C:\Program Files\ewido anti-spyware 4.0\engine.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\ATL.DLL C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\System32\CSCDLL.dll C:\WINDOWS\System32\cscui.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LINKINFO.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ntshrui.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll [C:\Program Files\ewido anti-spyware 4.0\guard.exe (26)] C:\Program Files\ewido anti-spyware 4.0\engine.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe (35)] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MFC42.DLL C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RICHED20.dll C:\WINDOWS\system32\RICHED32.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WSOCK32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (135)] c:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64p.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\baseinstaller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btdisk.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btimages.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\buffer.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\diff.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\execinstaller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ftpsession.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpsession.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inifile.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdb.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memmodsc.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memscan.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\msoe.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\netsession.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntfsstrm.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntlm.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ods.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\productinfo.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prseqio.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\socket.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\startupenum2.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updatecategory.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinfo.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinstaller.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateobjectinfo.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater2005.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\fltlib.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MAPI32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\userenv.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wininet.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (50)] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\basegui.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\asycfilt.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\System32\CSCDLL.dll C:\WINDOWS\System32\cscui.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\OLEPRO32.DLL C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\userenv.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\Mozilla Firefox\firefox.exe (66)] C:\PROGRA~1\MOZILL~1\nssckbi.dll C:\Program Files\Microsoft Office\Office10\msohev.dll C:\Program Files\Mozilla Firefox\components\jar50.dll C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll C:\Program Files\Mozilla Firefox\js3250.dll C:\Program Files\Mozilla Firefox\nspr4.dll C:\Program Files\Mozilla Firefox\nss3.dll C:\Program Files\Mozilla Firefox\plc4.dll C:\Program Files\Mozilla Firefox\plds4.dll C:\Program Files\Mozilla Firefox\smime3.dll C:\Program Files\Mozilla Firefox\softokn3.dll C:\Program Files\Mozilla Firefox\ssl3.dll C:\Program Files\Mozilla Firefox\xpcom_compat.dll C:\Program Files\Mozilla Firefox\xpcom_core.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\System32\CSCDLL.dll C:\WINDOWS\System32\cscui.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\mlang.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\msimg32.dll C:\WINDOWS\system32\msimtf.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll [C:\Program Files\Spyware Doctor\sdhelp.exe (27)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\advapi32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\shell32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\user32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\version.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wsock32.dll C:\WINDOWS\system32\WtsApi32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\Program Files\UPHClean\uphclean.exe (13)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\advapi32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\MSVCRT.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\user32.dll C:\WINDOWS\system32\VERSION.dll [C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (35)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\advapi32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\dnsapi.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.DLL C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\mpr.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\olepro32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\shell32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SXS.DLL C:\WINDOWS\system32\user32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\vdmdbg.dll C:\WINDOWS\system32\version.dll C:\WINDOWS\system32\wininet.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wsock32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\Explorer.EXE (108)] C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll C:\PROGRA~1\WINZIP\WZSHLSTB.DLL C:\Program Files\ewido anti-spyware 4.0\context.dll C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll C:\Program Files\Spyware Doctor\tools\swpg.dat C:\Program Files\Unlocker\UnlockerCOM.dll C:\Program Files\WinRAR\rarext.dll C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ACTIVEDS.dll C:\WINDOWS\system32\ACTXPRXY.DLL C:\WINDOWS\system32\adsldpc.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\ATL.DLL C:\WINDOWS\system32\AVIFIL32.dll C:\WINDOWS\system32\BatMeter.dll C:\WINDOWS\system32\browselc.dll C:\WINDOWS\system32\BROWSEUI.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\credui.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\CRYPTUI.dll C:\WINDOWS\system32\CSCDLL.dll C:\WINDOWS\system32\cscui.dll C:\WINDOWS\System32\davclnt.dll C:\WINDOWS\System32\drprov.dll C:\WINDOWS\system32\DUSER.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LINKINFO.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MLANG.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MPRAPI.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSGINA.dll C:\WINDOWS\system32\msi.dll C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\msutb.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\MSVFW32.dll C:\WINDOWS\system32\mydocs.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\System32\NETRAP.dll C:\WINDOWS\system32\NETSHELL.dll C:\WINDOWS\System32\NETUI0.dll C:\WINDOWS\System32\NETUI1.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\System32\ntlanman.dll C:\WINDOWS\system32\ntshrui.dll C:\WINDOWS\system32\ODBC32.dll C:\WINDOWS\system32\odbcint.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\POWRPROF.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RASAPI32.DLL C:\WINDOWS\system32\RASDLG.dll C:\WINDOWS\system32\rasman.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\rtutils.dll C:\WINDOWS\System32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\sensapi.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\shdoclc.dll C:\WINDOWS\system32\SHDOCVW.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\shmedia.dll C:\WINDOWS\system32\stobject.dll C:\WINDOWS\system32\SXS.DLL C:\WINDOWS\system32\syncui.dll C:\WINDOWS\system32\TAPI32.dll C:\WINDOWS\system32\themeui.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WTSAPI32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\System32\alg.exe (34)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\System32\ATL.DLL C:\WINDOWS\System32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\System32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\System32\MSACM32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\System32\MSWSOCK.DLL C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\System32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\System32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\System32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\System32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\System32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\System32\WINMM.dll C:\WINDOWS\System32\WS2_32.dll C:\WINDOWS\System32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\System32\WSOCK32.dll C:\WINDOWS\System32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\Ati2evxx.exe (13)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll [C:\WINDOWS\system32\csrss.exe (17)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\basesrv.dll C:\WINDOWS\system32\CSRSRV.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\KERNEL32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\sxs.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\winsrv.dll [C:\WINDOWS\system32\ctfmon.exe (26)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSCTF.dll C:\WINDOWS\system32\MSUTB.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\lsass.exe (60)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\cryptdll.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\dssenh.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\ipsecsvc.dll C:\WINDOWS\system32\kerberos.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LSASRV.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msprivs.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\netlogon.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\oakley.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\psbase.dll C:\WINDOWS\system32\pstorsvc.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\SAMSRV.dll C:\WINDOWS\system32\scecli.dll C:\WINDOWS\system32\schannel.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\w32time.dll C:\WINDOWS\system32\wdigest.dll C:\WINDOWS\system32\WINIPSEC.DLL C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\services.exe (37)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\eventlog.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NCObjAPI.DLL C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SCESRV.dll C:\WINDOWS\system32\secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\umpnpmgr.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\System32\smss.exe (1)] C:\WINDOWS\system32\ntdll.dll [C:\WINDOWS\system32\spoolsv.exe (53)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\cnbjmon.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\inetpp.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\localspl.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\System32\mswsock.dll C:\WINDOWS\system32\netapi32.dll C:\WINDOWS\system32\NETRAP.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\pjlmon.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SPOOLSS.DLL C:\WINDOWS\system32\tcpmon.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\usbmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\win32spl.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\winspool.drv C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\System32\svchost.exe (151)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL c:\windows\pchealth\helpctr\binaries\pchsvc.dll C:\WINDOWS\System32\ACTIVEDS.dll C:\WINDOWS\System32\adsldpc.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\System32\ADVPACK.dll C:\WINDOWS\system32\Apphelp.dll c:\windows\system32\ATL.DLL c:\windows\system32\audiosrv.dll c:\windows\system32\AUTHZ.dll c:\windows\system32\browser.dll C:\WINDOWS\System32\Cabinet.dll c:\windows\system32\certcli.dll C:\WINDOWS\System32\CLBCATQ.DLL C:\WINDOWS\System32\CLUSAPI.DLL C:\WINDOWS\system32\colbact.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\System32\COMRes.dll C:\WINDOWS\system32\comsvcs.dll c:\windows\system32\credui.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\System32\cryptdll.dll c:\windows\system32\cryptsvc.dll C:\WINDOWS\system32\CRYPTUI.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dmserver.dll c:\windows\system32\DNSAPI.dll c:\windows\system32\ersvc.dll c:\windows\system32\es.dll c:\windows\system32\ESENT.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\System32\h323.tsp C:\WINDOWS\System32\HID.DLL C:\WINDOWS\System32\hidphone.tsp C:\WINDOWS\System32\HNETCFG.DLL C:\WINDOWS\System32\icmp.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\System32\ipconf.tsp c:\windows\system32\iphlpapi.dll c:\windows\system32\ipnathlp.dll C:\WINDOWS\system32\kerberos.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\System32\kmddsp.tsp C:\WINDOWS\system32\modemui.dll C:\WINDOWS\System32\MPRAPI.dll C:\WINDOWS\System32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll c:\windows\system32\msi.dll C:\WINDOWS\System32\MSIDLE.DLL C:\WINDOWS\System32\mspatcha.dll C:\WINDOWS\system32\msv1_0.dll c:\windows\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\MTXCLU.DLL C:\WINDOWS\system32\NCObjAPI.DLL C:\WINDOWS\System32\ndptsp.tsp C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\System32\netcfgx.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll C:\WINDOWS\system32\ntdll.dll c:\windows\system32\NTDSAPI.dll C:\WINDOWS\System32\ntlsapi.dll C:\WINDOWS\System32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll c:\windows\system32\POWRPROF.dll C:\WINDOWS\System32\PSAPI.DLL C:\WINDOWS\System32\rasadhlp.dll C:\WINDOWS\System32\RASAPI32.dll c:\windows\system32\rasauto.dll C:\WINDOWS\System32\raschap.dll C:\WINDOWS\System32\RASDLG.dll C:\WINDOWS\System32\rasman.dll C:\WINDOWS\System32\rasmans.dll C:\WINDOWS\System32\rasppp.dll C:\WINDOWS\System32\rastapi.dll C:\WINDOWS\System32\rastls.dll C:\WINDOWS\System32\RESUTILS.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\System32\rsaenh.dll c:\windows\system32\rtutils.dll C:\WINDOWS\System32\SAMLIB.dll C:\WINDOWS\System32\SCHANNEL.dll c:\windows\system32\schedsvc.dll c:\windows\system32\seclogon.dll c:\windows\system32\Secur32.dll c:\windows\system32\sens.dll C:\WINDOWS\System32\serwvdrv.dll C:\WINDOWS\System32\SETUPAPI.dll C:\WINDOWS\System32\sfc.dll C:\WINDOWS\System32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\System32\SHFOLDER.dll C:\WINDOWS\System32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll c:\windows\system32\shsvcs.dll c:\windows\system32\srsvc.dll c:\windows\system32\srvsvc.dll C:\WINDOWS\System32\SXS.DLL C:\WINDOWS\System32\TAPI32.dll c:\windows\system32\tapisrv.dll c:\windows\system32\trkwks.dll C:\WINDOWS\System32\umdmxfrm.dll C:\WINDOWS\System32\unimdm.tsp C:\WINDOWS\System32\unimdmat.dll C:\WINDOWS\System32\uniplat.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\System32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\VSSAPI.DLL c:\windows\system32\w32time.dll C:\WINDOWS\system32\WBEM\esscli.dll C:\WINDOWS\system32\WBEM\FastProx.dll C:\WINDOWS\system32\wbem\ncprov.dll C:\WINDOWS\system32\wbem\repdrvfs.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\WBEM\wbemcore.dll C:\WINDOWS\system32\wbem\wbemess.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wmiprvsd.dll c:\windows\system32\wbem\wmisvc.dll C:\WINDOWS\system32\wbem\wmiutils.dll C:\WINDOWS\System32\WINHTTP.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\System32\WINIPSEC.DLL C:\WINDOWS\System32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\System32\WinSCard.dll C:\WINDOWS\System32\WINSPOOL.DRV C:\WINDOWS\System32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll c:\windows\system32\wkssvc.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WMI.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll c:\windows\system32\wscsvc.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll c:\windows\system32\WTSAPI32.dll C:\WINDOWS\system32\wuaueng.dll c:\windows\system32\wuauserv.dll C:\WINDOWS\system32\wups.dll c:\windows\system32\WZCSAPI.DLL c:\windows\system32\wzcsvc.dll C:\WINDOWS\System32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\svchost.exe (32)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll c:\windows\system32\DNSAPI.dll c:\windows\system32\dnsrslvr.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll c:\windows\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\svchost.exe (39)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll c:\windows\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll c:\windows\system32\lmhsvc.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL c:\windows\system32\regsvc.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll c:\windows\system32\webclnt.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll C:\WINDOWS\system32\wsock32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\svchost.exe (40)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll c:\windows\system32\rpcss.dll C:\WINDOWS\system32\rsaenh.dll c:\windows\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\svchost.exe (50)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL c:\windows\system32\ACTIVEDS.dll c:\windows\system32\adsldpc.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll c:\windows\system32\ATL.DLL c:\windows\system32\AUTHZ.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll c:\windows\system32\ICAAPI.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll c:\windows\system32\mstlsapi.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\REGAPI.dll C:\WINDOWS\system32\RPCRT4.dll c:\windows\system32\rpcss.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll c:\windows\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll c:\windows\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll c:\windows\system32\termsrv.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\wbem\wmiprvse.exe (44)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NCObjAPI.DLL C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wbem\cimwin32.dll C:\WINDOWS\system32\wbem\FastProx.dll C:\WINDOWS\system32\wbem\framedyn.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\wbem\wbemprox.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wmiutils.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [C:\WINDOWS\system32\wdfmgr.exe (17)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\oleaut32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\WINTRUST.dll [C:\WINDOWS\system32\winlogon.exe (67)] C:\Program Files\Spyware Doctor\tools\swpg.dat C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\asycfilt.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\cscdll.dll C:\WINDOWS\system32\cscui.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\klogon.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\MSGINA.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NDdeApi.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ODBC32.dll C:\WINDOWS\system32\odbcint.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PROFMAP.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\REGAPI.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\serwvdrv.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\sfc.dll C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SHSVCS.dll C:\WINDOWS\system32\sxs.dll C:\WINDOWS\system32\umdmxfrm.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSCARD.DLL C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WlNotify.dll C:\WINDOWS\system32\WRLogonNTF.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WTSAPI32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -------------------- Autostart folders: [Startup (2)] desktop.ini Kaspersky Anti-Hacker.lnk [User Startup (2)] desktop.ini Kaspersky Anti-Hacker.lnk [Common Startup (2)] desktop.ini Kaspersky Anti-Hacker.lnk [User Common Startup (2)] desktop.ini Kaspersky Anti-Hacker.lnk -------------------- Task Scheduler jobs (2): 1-Click Maintenance.job XoftSpy.job -------------------- IniMapping values: System NT shell = Explorer.exe -------------------- Autostarting batch files: [autoexec.bat] @\BOOTWIZ\reinstal.com SET PATH=%PATH%;C:\PROGRA~1\ATITEC~1\ATICON~1 [autoexec.nt] @echo off lh %SystemRoot%\system32\mscdexnt.exe lh %SystemRoot%\system32\redir lh %SystemRoot%\system32\dosx SET BLASTER=A220 I5 D1 P330 T3 [config.nt] dos=high, umb device=%SystemRoot%\system32\himem.sys files=40 device=C:\PROGRA~1\ALWILS~1\Avast4\aswmonds.sys -------------------- On-reboot actions: [Wininit.ini] [rename] NUL=C:\PROGRA~1\T-COMA~1\support\ViseExecute.DLL NUL=C:\WINDOWS\TEMP\~MI100~1.EXE NUL=C:\WINDOWS\system32\drivers\klif.sys -------------------- Shell commands: .bat - MS-DOS Batch File - "%1" %* .cmd - Windows NT Command Script - "%1" %* .com - MS-DOS Application - "%1" %* .exe - Application - "%1" %* .hta - HTML Application - C:\WINDOWS\system32\mshta.exe "%1" %* .js - JScript Script File - "c:\windows\notepad.exe" "%1" .jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .pif - Shortcut to MS-DOS Program - "%1" %* .scr - Screen Saver - "%1" /S .txt - Text Document - "c:\windows\notepad.exe" "%1" .vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .vbs - VBScript Script File - "c:\windows\notepad.exe" "%1" .wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %* -------------------- Services: [NT Services (43)] Acronis Scheduler2 Service = "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe ATI Smart = C:\WINDOWS\system32\ati2sgag.exe Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs Event Log = C:\WINDOWS\system32\services.exe ewido anti-spyware 4.0 guard = C:\Program Files\ewido anti-spyware 4.0\guard.exe Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs IPSEC Services = C:\WINDOWS\system32\lsass.exe Kaspersky Anti-Virus 6.0 = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe Plug and Play = C:\WINDOWS\system32\services.exe Print Spooler = C:\WINDOWS\system32\spoolsv.exe Protected Storage = C:\WINDOWS\system32\lsass.exe Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs Security Accounts Manager = C:\WINDOWS\system32\lsass.exe Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs Server = C:\WINDOWS\system32\svchost.exe -k netsvcs Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs User Profile Hive Cleanup = C:\Program Files\UPHClean\uphclean.exe WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService Webroot Spy Sweeper Engine = C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs [SafeBoot services (Minimal boot)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * dmboot.sys dmio.sys dmload.sys sermouse.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter PCI Configuration PNP Filter Primary disk SCSI Class System Bus Extender * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AppMgmt CryptSvc DcomLaunch dmadmin dmserver EventLog HelpSvc Netlogon PlugPlay RpcSs SRService svcWRSSSDK WinMgmt * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot services (Minimal boot + network support)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * dmboot.sys dmio.sys dmload.sys ip6fw.sys ipnat.sys nm.sys rdpcdd.sys rdpdd.sys rdpwd.sys sermouse.sys tdpipe.sys tdtcp.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter NDIS NDIS Wrapper NetBIOSGroup NetDDEGroup Network NetworkProvider PCI Configuration PNP Filter PNP_TDI Primary disk SCSI Class Streams Drivers System Bus Extender TDI * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * Net * {4D36E972-E325-11CE-BFC1-08002BE10318} * NetClient * {4D36E973-E325-11CE-BFC1-08002BE10318} * NetService * {4D36E974-E325-11CE-BFC1-08002BE10318} * NetTrans * {4D36E975-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AFD AppMgmt Browser CryptSvc DcomLaunch Dhcp dmadmin dmserver DnsCache EventLog HelpSvc LanmanServer LanmanWorkstation LmHosts Messenger Ndisuio NetBIOS NetBT Netlogon NetMan nm NtLmSsp PlugPlay rdsessmgr RpcSs SharedAccess SRService svcWRSSSDK SYMTDI Tcpip termservice UploadMgr WinMgmt WZCSVC * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot: Alternate shell] cmd.exe (not enabled) -------------------- Driver filters: [Class filters] * Disk drives * - Upper filters PartMgr.sys snapman.sys * DVD/CD-ROM drives * - Lower filters Pfc.sys * Infrared devices * - Upper filters IRENUM.sys * Keyboards * - Upper filters kbdclass.sys * Mice and other pointing devices * - Upper filters mouclass.sys * Storage volumes * - Upper filters VolSnap.sys snapman.sys timounter.sys [Device filters] * CD-ROM Drive * - Upper filters redbook.sys * CD-ROM Drive * - Upper filters redbook.sys - Lower filters imapi.sys * Communications Port * - Upper filters serenum.sys * Communications Port * - Upper filters serenum.sys * Direct Parallel * - Lower filters PtiLink.sys * Intel(R) 536EP Modem * - Lower filters IntelS51.sys * Terminal Server Keyboard Driver * - Upper filters kbdclass.sys * Terminal Server Mouse Driver * - Upper filters mouclass.sys * VIA CPU to AGP Controller * - Upper filters VIAAGP1.sys * WAN Miniport (IP) * - Lower filters NdisTapi.sys * WAN Miniport (PPPOE) * - Lower filters NdisTapi.sys * WAN Miniport (PPTP) * - Lower filters NdisTapi.sys -------------------- Print monitors (5): BJ Language Monitor - cnbjmon.dll Local Port - localspl.dll PJL Language Monitor - pjlmon.dll Standard TCP/IP Port - tcpmon.dll USB Monitor - usbmon.dll -------------------- WinLogon autoruns: UserInit = C:\WINDOWS\system32\userinit.exe, VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl" [Notify (11)] crypt32chain = crypt32.dll cryptnet = cryptnet.dll cscdll = cscdll.dll klogon = C:\WINDOWS\system32\klogon.dll ScCertProp = wlnotify.dll Schedule = wlnotify.dll sclgntfy = sclgntfy.dll SensLogn = WlNotify.dll termsrv = wlnotify.dll wlballoon = wlnotify.dll WRNotifier = WRLogonNTF.dll [Group policy extensions (12)] Wireless = gptext.dll Folder Redirection = fdeploy.dll Microsoft Disk Quota = dskquota.dll QoS Packet Scheduler = gptext.dll Scripts = gptext.dll Internet Explorer Zonemapping = iedkcs32.dll Security = scecli.dll Internet Explorer Branding = iedkcs32.dll EFS recovery = scecli.dll Microsoft Offline Files = %SystemRoot%\System32\cscui.dll Software Installation = appmgmts.dll IP Security = gptext.dll -------------------- Policies: [This user] * Primary policies * - Software\Policies\Microsoft\Messenger\Client (2) PreventAutoRun = dword: 0 PreventRun = dword: 0 - (9) ShowOpenPreview = dword: 1 OpenDefFilter = dword: 1 ConfirmDelete = dword: 1 UseRecycleBin = dword: 1 ConfirmDirectoryDelete = dword: 1 ConfirmReadOnly = dword: 1 RenameSeparator = dword: 95 SaveClipFormatID = dword: 4673610 OpenFolder = * Alternate policies * - Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) NoLowDiskSpaceChecks = dword: 1 NoDriveTypeAutoRun = dword: 145 - Software\Microsoft\Windows\CurrentVersion\policies\System (1) DisableRegistryTools = dword: 0 - (9) ShowOpenPreview = dword: 1 OpenDefFilter = dword: 1 ConfirmDelete = dword: 1 UseRecycleBin = dword: 1 ConfirmDirectoryDelete = dword: 1 ConfirmReadOnly = dword: 1 RenameSeparator = dword: 95 SaveClipFormatID = dword: 4673610 OpenFolder = [All users] * Primary policies * - Software\Policies\Microsoft\Messenger\Client (2) PreventRun = dword: 0 PreventAutoRun = dword: 0 - Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings (1) Security_HKLM_only = dword: 1 - Software\Policies\Microsoft\Windows\DriverSearching (2) DontSearchWindowsUpdate = dword: 0 DontPromptForWindowsUpdate = dword: 1 - Software\Policies\Microsoft\Windows\Installer (1) EnableAdminTSRemote = dword: 1 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7) ClassName = ipsecFilter description = Matches all ICMP packets between this computer and any other computer. name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000} ipsecName = All ICMP Traffic ipsecID = {72385235-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7) ClassName = ipsecFilter description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE). name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} ipsecName = All IP Traffic ipsecID = {7238523a-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} ipsecID = {72385231-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} ipsecID = {72385234-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} ipsecID = {72385237-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} ipsecID = {7238523d-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56524df2-7cea-4043-9725-e087da524865} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{56524df2-7cea-4043-9725-e087da524865} ipsecID = {56524df2-7cea-4043-9725-e087da524865} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request. name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} ipsecName = Request Security (Optional) ipsecID = {72385233-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Permit unsecured IP packets to pass through. name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} ipsecName = Permit ipsecID = {7238523b-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} ipsecName = Require Security ipsecID = {7238523f-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{c4dc4cba-523b-47ba-801c-53e944e07794} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{c4dc4cba-523b-47ba-801c-53e944e07794} ipsecID = {c4dc4cba-523b-47ba-801c-53e944e07794} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{d796e55f-25f1-4a23-b97a-a9d1ee7484d4} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{d796e55f-25f1-4a23-b97a-a9d1ee7484d4} ipsecID = {d796e55f-25f1-4a23-b97a-a9d1ee7484d4} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{551aab64-4bee-4338-853b-b395c6d37d31} (8) ClassName = ipsecNFA name = ipsecNFA{551aab64-4bee-4338-853b-b395c6d37d31} ipsecName = Permit unsecure ICMP packets to pass through. description = Permit unsecure ICMP packets to pass through. ipsecID = {551aab64-4bee-4338-853b-b395c6d37d31} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{6d77789a-8069-4fde-9e5b-7c69816fbccc} (8) ClassName = ipsecNFA name = ipsecNFA{6d77789a-8069-4fde-9e5b-7c69816fbccc} ipsecName = Request Security (Optional) Rule description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. ipsecID = {6d77789a-8069-4fde-9e5b-7c69816fbccc} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{6fd95f1e-1901-4c5b-beb4-199123a8f3e7} (6) ClassName = ipsecNFA name = ipsecNFA{6fd95f1e-1901-4c5b-beb4-199123a8f3e7} ipsecID = {6fd95f1e-1901-4c5b-beb4-199123a8f3e7} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{d796e55f-25f1-4a23-b97a-a9d1ee7484d4} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{717c333d-9866-4630-8542-f40e05025842} (8) ClassName = ipsecNFA name = ipsecNFA{717c333d-9866-4630-8542-f40e05025842} ipsecName = Require Security description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. ipsecID = {717c333d-9866-4630-8542-f40e05025842} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{889b356f-186f-4a81-b6cf-495ee6530ad9} (6) ClassName = ipsecNFA name = ipsecNFA{889b356f-186f-4a81-b6cf-495ee6530ad9} ipsecID = {889b356f-186f-4a81-b6cf-495ee6530ad9} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{c4dc4cba-523b-47ba-801c-53e944e07794} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{b83ad1ad-70ef-4993-88e9-a809faec9e42} (8) ClassName = ipsecNFA name = ipsecNFA{b83ad1ad-70ef-4993-88e9-a809faec9e42} ipsecName = Permit unsecure ICMP packets to pass through. description = Permit unsecure ICMP packets to pass through. ipsecID = {b83ad1ad-70ef-4993-88e9-a809faec9e42} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf462df7-1da2-44a6-a036-4f3f199e2aa2} (6) ClassName = ipsecNFA name = ipsecNFA{bf462df7-1da2-44a6-a036-4f3f199e2aa2} ipsecID = {bf462df7-1da2-44a6-a036-4f3f199e2aa2} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{56524df2-7cea-4043-9725-e087da524865} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} ipsecName = Server (Request Security) ipsecID = {72385230-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured. name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} ipsecName = Client (Respond Only) ipsecID = {72385236-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients. name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} ipsecName = Secure Server (Require Security) ipsecID = {7238523c-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} whenChanged = dword: 1058942776 - Software\Policies\Microsoft\Windows\PSched (1) NonBestEffortLimit = dword: 0 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4) TransparentEnabled = dword: 1 DefaultLevel = dword: 262144 AuthenticodeEnabled = dword: 0 PolicyScope = dword: 0 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4) Description = Stop the download of this file FriendlyName = Mdac11.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4) Description = Stop the download of this file FriendlyName = mdac20.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4) Description = Stop the download of this file FriendlyName = mdac20_a.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4) Description = Stop the download of this file FriendlyName = _msadc10.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4) Description = Stop the download of this file FriendlyName = msadc11.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2) Description = SaferFlags = dword: 0 * Alternate policies * - Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) NoLowDiskSpaceChecks = dword: 1 - Software\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID (1) {17492023-C23A-453E-A040-C7C580BBF700} = 1 - Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1 {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857 {0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32 -------------------- Browser Helper Objects (2): PCTools Browser Monitor = {B56A7D7D-6927-48C8-A975-17DF180C71AC} = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll PCTools Site Guard = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll -------------------- ActiveX objects (13): BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP -------------------- Internet Explorer toolbars: [This user] * ShellBrowser (2) * &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) * WebBrowser (3) * &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) -------------------- Internet Explorer buttons/tools (2): Web Anti-Virus - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll Spyware Doctor - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll -------------------- Internet Explorer menu extensions: [This user (7)] &Google Search - Backward &Links - Cac&hed Snapshot of Page - E&xport to Microsoft Excel - Si&milar Pages - Spellin&g - C:\WINDOWS\web\Spell_It.htm Translate into English - -------------------- Internet Explorer Bands (9): Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\Browseui.dll &Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\Shdocvw.dll Web Anti-Virus - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll &Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll -------------------- Downloaded Program Files (14): ICSScannerLight Class - {2359626E-7524-4F87-B04E-22CD38A0C88C} - C:\WINDOWS\Downloaded Program Files\ICSScannerLight.dll - http://download.zonelabs.com/bin/free/cm/ICSCM.cab Office Update Installation Engine - {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - C:\WINDOWS\opuc.dll - http://office.microsoft.com/officeupdate/content/opuc.cab WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134761366352 MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120398838933 Java Runtime Environment 1.5.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll - http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab ActiveScan Installer Class - {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll - http://www.pandasoftware.com/activescan/as5free/asinst.cab F-Secure Online Scanner 3.0 - {9D190AE6-C81E-4039-8061-978EBAD10073} - C:\WINDOWS\Downloaded Program Files\fscax.dll - http://support.f-secure.com/ols3/fscax.cab a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx - http://ax.emsisoft.com/asquared.cab Java Runtime Environment 1.4.1_01 - {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll - http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab Java Runtime Environment 1.5.0 - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll - http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab ActiveDataInfo Class - {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SymAData.dll - Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab CTAdjust Class - {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\clearadjust.dll - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab ActiveDataObj Class - {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - C:\WINDOWS\Downloaded Program Files\ActiveData.dll - -------------------- URL search hooks: [This user (1)] Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\Shdocvw.dll -------------------- Explorer clones: C:\WINDOWS\explorer.exe -------------------- Image File Execution Options (1): Your Image File Name Here without a path = ntsd -d -------------------- ContextMenuHandlers: [* (9)] BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll ewido anti-spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [Drive (7)] Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll ewido anti-spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll True Image Shell Extension = {C539A15A-3AF9-4c92-B771-50CB78F5C751} = C:\Program Files\Acronis\TrueImage\tishell.dll [Folder (6)] BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll Kaspersky Anti-Virus = {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [CompressedFolder (1)] Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\system32\zipfldr.dll [Directory (6)] EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll ewido anti-spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [Directory\Background (1)] New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll [ChannelShortcut (1)] Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll [InternetShortcut (1)] Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll [AllFileSystemObjects (2)] Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll -------------------- ColumnHandlers (4): (no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll (no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll (no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll (no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll -------------------- ShellExecuteHooks (2): ewido anti-spyware 4.0 = {57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll -------------------- Approved Shell Extensions: [All users (189)] %DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\photowiz.dll &Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll .CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\system32\Browseui.dll ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\system32\occache.dll Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\system32\shmedia.dll Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\system32\Browseui.dll Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\system32\Browseui.dll Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\system32\shmedia.dll BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\Shdocvw.dll Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\system32\webcheck.dll Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\zipfldr.dll Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\zipfldr.dll Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\zipfldr.dll ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\system32\Browseui.dll Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\system32\appwiz.cpl DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\system32\dfsshlex.dll Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\system32\dsuiext.dll Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\system32\dsuiext.dll Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\system32\dsquery.dll Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\system32\Browseui.dll DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\system32\netplwiz.dll Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\system32\Browseui.dll Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\Shdocvw.dll History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\Shdocvw.dll HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll IE Microsoft AutoComplete - {3028902F-6374-48b2-8DC6-9725E775B926} - C:\WINDOWS\system32\Browseui.dll IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\Browseui.dll IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\Shdocvw.dll In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\system32\Browseui.dll Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\system32\appwiz.cpl Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\Shdocvw.dll InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\Shdocvw.dll Media Band - {32683183-48a0-441b-a342-7c2a440a9478} - Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\Shdocvw.dll Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\system32\Browseui.dll Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\system32\docprop2.dll Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\Browseui.dll Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\system32\Browseui.dll Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\Browseui.dll Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office10\msohev.dll Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\Shdocvw.dll Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\Shdocvw.dll Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\system32\shmedia.dll MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\mydocs.dll Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\system32\themeui.dll PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\system32\webcheck.dll Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\system32\netplwiz.dll Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\system32\Browseui.dll Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\system32\remotepg.dll Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\Shdocvw.dll Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\SENDMAIL.DLL Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\SENDMAIL.DLL Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\system32\appwiz.cpl Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\Shdocvw.dll Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\system32\Browseui.dll Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\Shdocvw.dll Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll Shell Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\Browseui.dll Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\system32\dsquery.dll Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\system32\netplwiz.dll Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\system32\webcheck.dll Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Tauscan Menu - {B6122A50-EAB5-11D3-9E7F-EBF4F0595714} - Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\Shdocvw.dll Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\Shdocvw.dll The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\Shdocvw.dll Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\system32\Browseui.dll TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\system32\webcheck.dll TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\Browseui.dll Trojan Remover Shell Extension - {52B87208-9CCF-42C9-B88E-069281105805} - TuneUp Shredder Shell Context Menu Extension - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - C:\Program Files\Unlocker\UnlockerCOM.dll User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} - User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\system32\Browseui.dll Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\system32\shmedia.dll Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\system32\shmedia.dll Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\system32\shmedia.dll Web Anti-Virus - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\system32\netplwiz.dll Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\system32\Browseui.dll WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll Webroot Spy Sweeper Context Menu Integration - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} - C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll WinRAR shell extension - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll WinZip - {E0D79304-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL WinZip - {E0D79305-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL WinZip - {E0D79306-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL WinZip - {E0D79307-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [This user (1)] Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -------------------- Registry 'Run' keys: [User Run] ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe UIWatcher = C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe [System Run] !ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized @ = Acronis True Image Monitor = "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" kav = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -------------------- Registry 'Run' subkeys: [System RunOnce] * Setup * Registrando Panda ActiveX = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll Registrando Panda Almacen = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll Registering ActiveScan controles = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\ascontrol.dll -------------------- Protocols: [Pluggable MIME filters (5)] Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll [Protocol handlers (25)] about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\MShtml.dll belarc = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} = C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll cdo = {CD00020A-8B95-11D1-82DB-00C04FB1625D} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\MShtml.dll lid = {5C135180-9973-46D9-ABF4-148267CBB8BF} = C:\WINDOWS\System32\msvidctl.dll local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\MShtml.dll mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\system32\inetcomm.dll mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll mso-offdap = {3D9F03FA-7A94-11D3-BE81-0050048385D1} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\MShtml.dll sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\system32\MShtml.dll tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\MShtml.dll vnd.ms.radio = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} = C:\WINDOWS\System32\msdxm.ocx wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\system32\wiascr.dll -------------------- WOW compatibility: cmdline = C:\WINDOWS\system32\ntvdm.exe wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386 [KnownDlls (16-bit) (40)] avicap.dll avifile.dll comm.drv commdlg.dll compobj.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mapi.dll mciavi.drv mciseq.drv mciwave.drv mmsystem.dll mouse.drv msacm.dll msvideo.dll netapi.dll ole2.dll ole2disp.dll ole2nls.dll olecli.dll olesvr.dll pmspl.dll progman.exe rasapi16.dll shell.dll sound.drv storage.dll system.drv timer.drv toolhelp.dll typelib.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe [KnownDlls (32-bit) (20)] advapi32.dll comdlg32.dll gdi32.dll imagehlp.dll kernel32.dll lz32.dll ole32.dll oleaut32.dll olecli32.dll olecnv32.dll olesvr32.dll olethk32.dll rpcrt4.dll shell32.dll url.dll urlmon.dll user32.dll version.dll wininet.dll wldap32.dll -------------------- ShellServiceObjectDelayLoad: [All users (3)] CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll -------------------- Winsock LSP: [Protocols (14)] MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BCE97F7-1D82-457D-9A96-C336FC56B1A8}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BCE97F7-1D82-457D-9A96-C336FC56B1A8}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DD6E1BF5-FD20-4E77-A79E-9D81FF4EACA0}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DD6E1BF5-FD20-4E77-A79E-9D81FF4EACA0}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{0138B208-BD3E-4DC5-9C1B-C9D421F2CA7E}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{0138B208-BD3E-4DC5-9C1B-C9D421F2CA7E}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDF53F2C-9B1C-4000-BA5A-77D7FD8EB27A}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDF53F2C-9B1C-4000-BA5A-77D7FD8EB27A}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE659785-D27D-4EC5-BDFB-CCEF96D8FDF4}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE659785-D27D-4EC5-BDFB-CCEF96D8FDF4}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll [Namespace Providers (4)] Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll NWLink IPX/SPX/NetBIOS Compatible Transport Protocol - {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\nwprovau.dll -------------------- Hijack points: [Reset web settings URLs] SearchAssistant = CustomizeSearch = START_PAGE_URL = SEARCH_PAGE_URL = MS_START_PAGE_URL = [Internet Explorer URLs] * This user * - Internet Explorer\Main (5) Local Page = C:\WINDOWS\system32\blank.htm Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page = http://www.msn.com Window Title = Microsoft Internet Explorer - Internet Explorer\Search (2) CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm - Internet Explorer\SearchURL (1) (Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch - Internet Explorer\Desktop\General (2) BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp * All users * - Internet Explorer\Main (5) Default_Page_Url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home - Internet Explorer\Search (2) CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm - Internet Explorer\AboutURLs (6) blank = res://mshtml.dll/blank.htm DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm NavigationCanceled = res://shdoclc.dll/navcancl.htm NavigationFailure = res://shdoclc.dll/navcancl.htm OfflineInformation = res://shdoclc.dll/offcancl.htm PostNotCached = res://mshtml.dll/repost.htm [Default URL prefixes] default = http:// ftp = ftp:// gopher = gopher:// home = http:// mosaic = http:// www = http:// [Hosts file location] DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts -------------------- Protection & disabled items: [Hosts file (1)] * 127.0.0.1 * localhost [ActiveX killbits (163)] &Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\Browseui.dll (no name) - {0006f02a-0000-0000-c000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\OUTLLIB.DLL (no name) - {283807b8-2c60-11d0-a31d-00aa00b92c03} - C:\WINDOWS\system32\danim.dll (no name) - {542FB453-5003-11CF-92A2-00AA00B8A733} - C:\WINDOWS\system32\danim.dll (no name) - {5DFB2651-9668-11D0-B17B-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll (no name) - {98cb4060-d3e7-42a1-8d65-949d34ebfe14} - C:\Program Files\Microsoft Office\Office10\SOA.DLL (no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL (no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\system32\clbcatex.dll 9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll ActiveMovie Filter Class Manager - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\PROGRA~1\MOVIEM~1\wmm2ae.dll Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll Bln Proxy - {bc5f1e51-5110-11d1-aff5-006097c9a284} - C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL BlnMgr Class - {3f8a6c33-e0fd-11d0-8a8c-00a0c90c2bc5} - C:\Program Files\Microsoft Office\Office10\BLNMGR.DLL BlnMgr Proxy - {F27CE930-4CA3-11D1-AFF2-006097C9A284} - C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\system32\inetcfg.dll CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\system32\msoeacct.dll CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\system32\diactfrm.dll CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\system32\msdtctm.dll DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\System32\msieftp.dll German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\h323msp.dll HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\system32\hhctrl.ocx IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\system32\query.dll InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\system32\asctrls.ocx IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\confmsp.dll Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\system32\lmrt.dll Log Sink Class - {DE4735F3-7532-4895-93DC-9A10C4257173} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCORE.DLL Marquee Control - {250770f3-6af2-11cf-a915-008029e31fcd} - C:\Program Files\Microsoft Office\Office10\HTML\HTMLMARQ.OCX MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\system32\msconf.dll mbcontent Class - {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c} - C:\WINDOWS\system32\browsewm.dll Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll Microsoft DDS Generic Class - {4faab301-cef6-477c-9f58-f601039e9b78} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Microsoft DDS Library Shape Control - {ec444cb6-3e7e-4865-b1c3-0de72ef39b3f} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Microsoft DDS Picture Shape Control - {6cbe0382-a879-4d2a-8ec3-1f2a43611ba8} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\Shdocvw.dll Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MShtml.dll Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MShtml.dll Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\MShtml.dll Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\MShtml.dll Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\system32\mpg4ds32.ax Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\system32\msadds32.ax Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll Microsoft Office Chart 10.0 - {0002E556-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL Microsoft Office Chart 9.0 - {0002E500-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\MSOWC.DLL Microsoft Office Data Source Control 10.0 - {0002E553-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL Microsoft Office Data Source Control 9.0 - {0002E530-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\MSOWC.DLL Microsoft Office Free/Busy Registration - {f28d867a-ddb1-11d3-b8e8-00a0c981aeeb} - C:\PROGRA~1\MICROS~2\Office10\MSOSVFBR.DLL Microsoft Office PivotTable 10.0 - {0002E552-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL Microsoft Office PivotTable 9.0 - {0002E520-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\MSOWC.DLL Microsoft Office Spreadsheet 10.0 - {0002E551-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL Microsoft Rich Textbox Control 6.0 (SP4) - {3B7C8860-D78F-101B-B9B5-04021C009402} - C:\WINDOWS\system32\RICHTX32.OCX Microsoft Visual Database Tools Database Designer V7.0 - {03cb9467-fd9d-42a8-82f9-8615b4223e6e} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\vdt70.dll Microsoft Visual Database Tools Query Designer V7.0 - {2c10a98f-d64f-43b4-bed6-dd0e1bf2074c} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\vdt70.dll Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\system32\wbem\wbemess.dll MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\system32\devenum.dll MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\system32\amstream.dll Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\system32\wavemsp.dll MSVDTDDGridCtrl7 Object - {6f9f3481-84dd-4b14-b09c-6b4288eccde8} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\vdt70.dll MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\PROGRA~1\MOVIEM~1\wmm2fxb.dll Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll OpenCable Class - {ABBA001B-3075-11D6-88A4-00B0D0200F88} - C:\WINDOWS\System32\psisdecd.dll Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\OUTLLIB.DLL PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\system32\dxtmsft.dll RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\system32\regwizc.dll SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\system32\wiascr.dll Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\system32\sdpblb.dll Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\system32\sysmon.ocx SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\system32\msdtctm.dll Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtmled.dll VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\system32\qdvd.dll VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\system32\wbem\wbemdisp.dll WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\system32\wbem\wmiprov.dll WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\system32\fsusd.dll WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\system32\camocx.dll Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\system32\wmv8ds32.ax WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\system32\wbem\wbemads.dll WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll [Zones] * This user * - Restricted sites (40) 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 205.209.152.121 206.161.124.98 207.226.162.34 209.66.114.130 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.255.179.234 216.65.3.68 24.244.71.239 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.175.129 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 82.146.60.36 82.179.170.11 82.179.170.82 85.249.22.240 [Stopped/disabled NT Services] * Stopped (39) * Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs Background Intelligent Transfer Service = C:\WINDOWS\system32\svchost.exe -k netsvcs COM+ Event System = C:\WINDOWS\system32\svchost.exe -k netsvcs COM+ System Application = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Distributed Transaction Coordinator = C:\WINDOWS\System32\msdtc.exe Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter IMAPI CD-Burning COM Service = C:\WINDOWS\system32\imapi.exe Indexing Service = C:\WINDOWS\system32\cisvc.exe InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com MS Software Shadow Copy Provider = C:\WINDOWS\system32\dllhost.exe /Processid:{4878FC02-89B4-42A0-97A8-DCF2C9601215} Net Logon = C:\WINDOWS\system32\lsass.exe NetMeeting Remote Desktop Sharing = C:\WINDOWS\System32\mnmsrvc.exe Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs Network Location Awareness (NLA) = C:\WINDOWS\system32\svchost.exe -k netsvcs Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs NT LM Security Support Provider = C:\WINDOWS\system32\lsass.exe Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs QoS RSVP = C:\WINDOWS\system32\rsvp.exe Remote Access Auto Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs Remote Access Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe Remote Procedure Call (RPC) Locator = C:\WINDOWS\system32\locator.exe Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs Smart Card = C:\WINDOWS\System32\SCardSvr.exe Smart Card Helper = C:\WINDOWS\System32\SCardSvr.exe Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs Telnet = C:\WINDOWS\System32\tlntsvr.exe Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch TuneUp WinStyler Theme Service = "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe" Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc Windows Installer = C:\WINDOWS\system32\msiexec.exe /V Windows Management Instrumentation Driver Extensions = C:\WINDOWS\System32\svchost.exe -k netsvcs WMI Performance Adapter = C:\WINDOWS\system32\wbem\wmiapsrv.exe * Stopped & disabled (9) * Alerter = C:\WINDOWS\system32\svchost.exe -k LocalService ClipBook = C:\WINDOWS\system32\clipsrv.exe Human Interface Device Access = C:\WINDOWS\System32\svchost.exe -k netsvcs Messenger = C:\WINDOWS\system32\svchost.exe -k netsvcs Network DDE = C:\WINDOWS\system32\netdde.exe Network DDE DSDM = C:\WINDOWS\system32\netdde.exe Routing and Remote Access = C:\WINDOWS\system32\svchost.exe -k netsvcs SSDP Discovery Service = C:\WINDOWS\system32\svchost.exe -k LocalService Universal Plug and Play Device Host = C:\WINDOWS\system32\svchost.exe -k LocalService [Windows XP Security] * Security Center * - This user FirstRun = dword: 1 - All users FirstRunDisabled = dword: 1 AntiVirusDisableNotify = dword: 0 FirewallDisableNotify = dword: 0 UpdatesDisableNotify = dword: 0 AntiVirusOverride = dword: 0 FirewallOverride = dword: 0 * System Restore * - All users DisableSR = dword: 0 CreateFirstRunRp = dword: 1 DSMin = dword: 200 DSMax = dword: 400 RPSessionInterval = dword: 0 RPGlobalInterval = dword: 86400 RPLifeInterval = dword: 7776000 CompressionBurst = dword: 60 TimerInterval = dword: 120 DiskPercent = dword: 12 ThawInterval = dword: 900 RestoreDiskSpaceError = dword: 0 RestoreStatus = dword: 0 RestoreSafeModeStatus = dword: 0 ================================================== = Other users on this computer: Default user = ================================================== -------------------- Autostart folders: [Startup] desktop.ini -------------------- IniMapping values: User screensaver = logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Registry 'Run' keys: [User Run] CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE Spyware Doctor = -------------------- Protection & disabled items: [Zones] * Restricted sites (40) * 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 205.209.152.121 206.161.124.98 207.226.162.34 209.66.114.130 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.255.179.234 216.65.3.68 24.244.71.239 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.175.129 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 82.146.60.36 82.179.170.11 82.179.170.82 85.249.22.240 ================================================== = Other users on this computer: LOCAL SERVICE = ================================================== -------------------- IniMapping values: User screensaver = C:\WINDOWS\System32\logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Registry 'Run' keys: [User Run] CTFMON.EXE = C:\WINDOWS\System32\CTFMON.EXE -------------------- Protection & disabled items: [Zones] * Restricted sites (40) * 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 205.209.152.121 206.161.124.98 207.226.162.34 209.66.114.130 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.255.179.234 216.65.3.68 24.244.71.239 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.175.129 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 82.146.60.36 82.179.170.11 82.179.170.82 85.249.22.240 ================================================== = Other users on this computer: NETWORK SERVICE = ================================================== -------------------- IniMapping values: User screensaver = C:\WINDOWS\System32\logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Registry 'Run' keys: [User Run] CTFMON.EXE = C:\WINDOWS\System32\CTFMON.EXE -------------------- Protection & disabled items: [Zones] * Restricted sites (40) * 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 205.209.152.121 206.161.124.98 207.226.162.34 209.66.114.130 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.255.179.234 216.65.3.68 24.244.71.239 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.175.129 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 82.146.60.36 82.179.170.11 82.179.170.82 85.249.22.240 ================================================== = Other users on this computer: SYSTEM = ================================================== -------------------- Autostart folders: [Startup] desktop.ini -------------------- IniMapping values: User screensaver = logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Registry 'Run' keys: [User Run] CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE Spyware Doctor = -------------------- Protection & disabled items: [Zones] * Restricted sites (40) * 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 205.209.152.121 206.161.124.98 207.226.162.34 209.66.114.130 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.255.179.234 216.65.3.68 24.244.71.239 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.175.129 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 82.146.60.36 82.179.170.11 82.179.170.82 85.249.22.240 ================================================== = Other hardware configurations: Last known good = ================================================== -------------------- Services: [NT Services (43)] Acronis Scheduler2 Service = "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe ATI Smart = C:\WINDOWS\system32\ati2sgag.exe Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs Event Log = C:\WINDOWS\system32\services.exe ewido anti-spyware 4.0 guard = C:\Program Files\ewido anti-spyware 4.0\guard.exe Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs IPSEC Services = C:\WINDOWS\system32\lsass.exe Kaspersky Anti-Virus 6.0 = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe Plug and Play = C:\WINDOWS\system32\services.exe Print Spooler = C:\WINDOWS\system32\spoolsv.exe Protected Storage = C:\WINDOWS\system32\lsass.exe Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs Security Accounts Manager = C:\WINDOWS\system32\lsass.exe Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs Server = C:\WINDOWS\system32\svchost.exe -k netsvcs Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs User Profile Hive Cleanup = C:\Program Files\UPHClean\uphclean.exe WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService Webroot Spy Sweeper Engine = C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs [SafeBoot services (Minimal boot)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * dmboot.sys dmio.sys dmload.sys sermouse.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter PCI Configuration PNP Filter Primary disk SCSI Class System Bus Extender * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AppMgmt CryptSvc DcomLaunch dmadmin dmserver EventLog HelpSvc Netlogon PlugPlay RpcSs SRService svcWRSSSDK WinMgmt * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot services (Minimal boot + network support)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * dmboot.sys dmio.sys dmload.sys ip6fw.sys ipnat.sys nm.sys rdpcdd.sys rdpdd.sys rdpwd.sys sermouse.sys tdpipe.sys tdtcp.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter NDIS NDIS Wrapper NetBIOSGroup NetDDEGroup Network NetworkProvider PCI Configuration PNP Filter PNP_TDI Primary disk SCSI Class Streams Drivers System Bus Extender TDI * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * Net * {4D36E972-E325-11CE-BFC1-08002BE10318} * NetClient * {4D36E973-E325-11CE-BFC1-08002BE10318} * NetService * {4D36E974-E325-11CE-BFC1-08002BE10318} * NetTrans * {4D36E975-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AFD AppMgmt Browser CryptSvc DcomLaunch Dhcp dmadmin dmserver DnsCache EventLog HelpSvc LanmanServer LanmanWorkstation LmHosts Messenger Ndisuio NetBIOS NetBT Netlogon NetMan nm NtLmSsp PlugPlay rdsessmgr RpcSs SharedAccess SRService svcWRSSSDK SYMTDI Tcpip termservice UploadMgr WinMgmt WZCSVC * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot: Alternate shell] cmd.exe (not enabled) -------------------- Driver filters: [Class filters] * Infrared devices * - Upper filters IRENUM.sys * Storage volumes * - Upper filters VolSnap.sys snapman.sys timounter.sys [Device filters] * CD-ROM Drive * - Upper filters redbook.sys * CD-ROM Drive * - Upper filters redbook.sys - Lower filters imapi.sys * Communications Port * - Upper filters serenum.sys * Communications Port * - Upper filters serenum.sys * Direct Parallel * - Lower filters PtiLink.sys * Intel(R) 536EP Modem * - Lower filters IntelS51.sys * Terminal Server Keyboard Driver * - Upper filters kbdclass.sys * Terminal Server Mouse Driver * - Upper filters mouclass.sys * VIA CPU to AGP Controller * - Upper filters VIAAGP1.sys * WAN Miniport (IP) * - Lower filters NdisTapi.sys * WAN Miniport (PPPOE) * - Lower filters NdisTapi.sys * WAN Miniport (PPTP) * - Lower filters NdisTapi.sys -------------------- Print monitors (5): BJ Language Monitor - cnbjmon.dll Local Port - localspl.dll PJL Language Monitor - pjlmon.dll Standard TCP/IP Port - tcpmon.dll USB Monitor - usbmon.dll -------------------- WOW compatibility: cmdline = C:\WINDOWS\system32\ntvdm.exe wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386 [KnownDlls (16-bit) (40)] avicap.dll avifile.dll comm.drv commdlg.dll compobj.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mapi.dll mciavi.drv mciseq.drv mciwave.drv mmsystem.dll mouse.drv msacm.dll msvideo.dll netapi.dll ole2.dll ole2disp.dll ole2nls.dll olecli.dll olesvr.dll pmspl.dll progman.exe rasapi16.dll shell.dll sound.drv storage.dll system.drv timer.drv toolhelp.dll typelib.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe [KnownDlls (32-bit) (20)] advapi32.dll comdlg32.dll gdi32.dll imagehlp.dll kernel32.dll lz32.dll ole32.dll oleaut32.dll olecli32.dll olecnv32.dll olesvr32.dll olethk32.dll rpcrt4.dll shell32.dll url.dll urlmon.dll user32.dll version.dll wininet.dll wldap32.dll -------------------------------------------------- End of report, 151,934 bytes Commandline options: /showempty - Show empty sections /showcmts - Show comments in .bat files /noshowclsids - Hide class IDs /noshowprivate - Hide usernames and computer name /noshowusers - Hide entries from other users /noshowhardware - Hide entries from other hardware configurations /showlargehosts - Show hosts file even when more than 1000 lines are in it /showlargezones - Show Zones even when more than 1000 domains are in them /autosave - Run hidden, automatically save a report and quit