StartupList report, 4/19/2013, 10:11:48 PM StartupList version 2.02.0 Started from: C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for startuplist.zip\StartupList.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Logged on as 'Owner' to 'DEBEVE' * Using default options (see end of log for possible options) ================================================== Running processes (32): [C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for startuplist.zip\StartupList.exe (41)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\asycfilt.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSCOMCTL.OCX C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msi.dll C:\WINDOWS\system32\MSVBVM60.DLL C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SXS.DLL C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wbem\fastprox.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\wbem\wbemdisp.dll C:\WINDOWS\system32\wbem\wbemprox.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wmiutils.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (9)] C:\PROGRA~1\AVG\AVG2013\avgcclix.dll C:\PROGRA~1\AVG\AVG2013\avgcertx.dll C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll C:\PROGRA~1\AVG\AVG2013\avgclitx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\WINDOWS\system32\ntdll.dll [C:\Program Files\AVG\AVG2013\avgcsrvx.exe (7)] C:\Program Files\AVG\AVG2013\avgcertx.dll C:\Program Files\AVG\AVG2013\avgchclx.dll C:\Program Files\AVG\AVG2013\avgcorex.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\WINDOWS\system32\ntdll.dll [C:\Program Files\AVG\AVG2013\avgemcx.exe (25)] C:\Program Files\AVG\AVG2013\avgcfgx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avgkrnlapix.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgsecapix.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\AVG\AVG2013\avgidsagent.exe (47)] C:\Program Files\AVG\AVG2013\avgcertx.dll C:\Program Files\AVG\AVG2013\avgcfgx.dll C:\Program Files\AVG\AVG2013\avgchclx.dll C:\Program Files\AVG\AVG2013\avgclitx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgntsqlitex.dll C:\Program Files\AVG\AVG2013\avgopensslx.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IPHLPAPI.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\MSVCP100.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\System32\mswsock.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\secur32.dll C:\WINDOWS\system32\sfc.dll C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\wintrust.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\AVG\AVG2013\avgnsx.exe (32)] C:\Program Files\AVG\AVG2013\avgcfgx.dll C:\Program Files\AVG\AVG2013\avgclitx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgopensslx.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\Program Files\AVG\AVG2013\avgxpl.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSVCP100.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\AVG\AVG2013\avgui.exe (48)] C:\Program Files\AVG\AVG2013\avgapps.dll C:\Program Files\AVG\AVG2013\avgcfgx.dll C:\Program Files\AVG\AVG2013\avgclitx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avgdecider.dll C:\Program Files\AVG\AVG2013\avgidpmx.dll C:\Program Files\AVG\AVG2013\avgkrnlapix.dll C:\Program Files\AVG\AVG2013\avglngx.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\Program Files\AVG\AVG2013\avguires.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMDLG32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\jscript.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MFC100ENU.DLL C:\WINDOWS\system32\mfc100u.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\MSVCP100.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SXS.DLL C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll [C:\Program Files\AVG\AVG2013\avgwdsvc.exe (60)] C:\Program Files\AVG\AVG2013\avgadvisorx.dll C:\Program Files\AVG\AVG2013\avgcfgx.dll C:\Program Files\AVG\AVG2013\avgclitx.dll C:\Program Files\AVG\AVG2013\avgcommx.dll C:\Program Files\AVG\AVG2013\avgcslx.dll C:\Program Files\AVG\AVG2013\avgidpsdkx.dll C:\Program Files\AVG\AVG2013\avglogx.dll C:\Program Files\AVG\AVG2013\avgntopensslx.dll C:\Program Files\AVG\AVG2013\avgntsqlitex.dll C:\Program Files\AVG\AVG2013\avgopensslx.dll C:\Program Files\AVG\AVG2013\avgsched.dll C:\Program Files\AVG\AVG2013\avgsecapix.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\Program Files\AVG\AVG2013\avgwd.dll C:\Program Files\AVG\AVG2013\avgwdwsc.dll C:\Program Files\AVG\AVG2013\avgxpl.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IPHLPAPI.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSVCP100.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\System32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SensAPI.DLL C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\snmpapi.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wbem\fastprox.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\system32\wbem\wbemprox.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (33)] C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll C:\Program Files\Common Files\AOL\ACS\xpat.dll C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\psapi.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rtutils.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\TAPI32.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\userenv.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (18)] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll [C:\Program Files\Common Files\Java\Java Update\jusched.exe (19)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (21)] C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Digital Media Reader\shwiconem.exe (17)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Java\jre7\bin\jqs.exe (31)] C:\Program Files\Java\jre7\bin\MSVCR100.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ODBC32.dll C:\WINDOWS\system32\odbcbcp.dll C:\WINDOWS\system32\odbcint.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\pdh.dll C:\WINDOWS\system32\perfdisk.dll C:\WINDOWS\system32\perfos.dll C:\WINDOWS\system32\psapi.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Lexmark 2300 Series\ezprint.exe (40)] C:\Program Files\Lexmark 2300 Series\customui.dll C:\Program Files\Lexmark 2300 Series\Epfunct.DLL C:\Program Files\Lexmark 2300 Series\epstring.dll C:\Program Files\Lexmark 2300 Series\Eputil.DLL C:\Program Files\Lexmark 2300 Series\Epwizard.DLL C:\Program Files\Lexmark 2300 Series\Imagutil.DLL C:\Program Files\Lexmark 2300 Series\iptk.dll C:\Program Files\Lexmark 2300 Series\LTDIS13N.dll C:\Program Files\Lexmark 2300 Series\LTEFX13N.dll C:\Program Files\Lexmark 2300 Series\ltfil13n.DLL C:\Program Files\Lexmark 2300 Series\LTIMG13N.dll C:\Program Files\Lexmark 2300 Series\LTKRN13N.dll C:\Program Files\Lexmark 2300 Series\LTWVC13n.dll C:\Program Files\Lexmark 2300 Series\MFC42.DLL C:\Program Files\Lexmark 2300 Series\PdfLib.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CFGMGR32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\MSVCRT.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\setupapi.DLL C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\sti.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (28)] C:\Program Files\Lexmark 2300 Series\lxcgcfg.dll C:\Program Files\Lexmark 2300 Series\lxcgcomc.dll C:\Program Files\Lexmark 2300 Series\lxcgdrec.dll C:\Program Files\Lexmark 2300 Series\lxcgpplc.dll C:\Program Files\Lexmark 2300 Series\lxcgscw.dll C:\Program Files\Lexmark 2300 Series\lxcgtsfw.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\lxcgprox.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Microsoft LifeCam\MSCamS32.exe (37)] C:\Program Files\Microsoft LifeCam\CAL2.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\devenum.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\HID.DLL C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msdmo.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WTSAPI32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Mozilla Firefox\firefox.exe (102)] C:\Program Files\Mozilla Firefox\components\browsercomps.dll C:\Program Files\Mozilla Firefox\freebl3.dll C:\Program Files\Mozilla Firefox\gkmedias.dll C:\Program Files\Mozilla Firefox\mozalloc.dll C:\Program Files\Mozilla Firefox\mozglue.dll C:\Program Files\Mozilla Firefox\mozjs.dll C:\Program Files\Mozilla Firefox\mozsqlite3.dll C:\Program Files\Mozilla Firefox\MSVCP100.dll C:\Program Files\Mozilla Firefox\MSVCR100.dll C:\Program Files\Mozilla Firefox\nspr4.dll C:\Program Files\Mozilla Firefox\nss3.dll C:\Program Files\Mozilla Firefox\nssckbi.dll C:\Program Files\Mozilla Firefox\nssdbm3.dll C:\Program Files\Mozilla Firefox\nssutil3.dll C:\Program Files\Mozilla Firefox\plc4.dll C:\Program Files\Mozilla Firefox\plds4.dll C:\Program Files\Mozilla Firefox\smime3.dll C:\Program Files\Mozilla Firefox\softokn3.dll C:\Program Files\Mozilla Firefox\ssl3.dll C:\Program Files\Mozilla Firefox\xpcom.dll C:\Program Files\Mozilla Firefox\xul.dll C:\WINDOWS\HKCYDLL.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\ATL.DLL C:\WINDOWS\system32\browseui.dll C:\WINDOWS\system32\Cabinet.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMDLG32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\cryptdll.dll C:\WINDOWS\system32\CRYPTUI.dll C:\WINDOWS\System32\CSCDLL.dll C:\WINDOWS\System32\cscui.dll C:\WINDOWS\system32\dbghelp.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\feclient.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\icm32.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\IPHLPAPI.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LZ32.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\mscms.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msdmo.dll C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ntshrui.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RASAPI32.dll C:\WINDOWS\system32\rasman.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\rtutils.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\sensapi.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\shdocvw.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\t2embed.dll C:\WINDOWS\system32\TAPI32.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\USP10.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll C:\WINDOWS\system32\wuapi.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\Program Files\Mozilla Firefox\plugin-container.exe (72)] C:\Program Files\Mozilla Firefox\gkmedias.dll C:\Program Files\Mozilla Firefox\mozalloc.dll C:\Program Files\Mozilla Firefox\mozglue.dll C:\Program Files\Mozilla Firefox\mozjs.dll C:\Program Files\Mozilla Firefox\mozsqlite3.dll C:\Program Files\Mozilla Firefox\MSVCP100.dll C:\Program Files\Mozilla Firefox\MSVCR100.dll C:\Program Files\Mozilla Firefox\nspr4.dll C:\Program Files\Mozilla Firefox\nss3.dll C:\Program Files\Mozilla Firefox\nssutil3.dll C:\Program Files\Mozilla Firefox\plc4.dll C:\Program Files\Mozilla Firefox\plds4.dll C:\Program Files\Mozilla Firefox\smime3.dll C:\Program Files\Mozilla Firefox\ssl3.dll C:\Program Files\Mozilla Firefox\xul.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMDLG32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\DSOUND.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\icm32.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.dll C:\WINDOWS\system32\IPHLPAPI.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\mlang.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\mscms.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msdmo.dll C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\schannel.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\USP10.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\CNYHKey.exe (25)] C:\WINDOWS\CNYUSB.dll C:\WINDOWS\HKCYDLL.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\COMDLG32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\HID.DLL C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\MSVCRT.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\Explorer.EXE (100)] C:\Program Files\AVG\AVG2013\avgse.dll C:\Program Files\AVG\AVG2013\avgsysx.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll C:\Program Files\Common Files\aolshare\aolshcpy.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\actxprxy.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\appHelp.dll C:\WINDOWS\system32\ATL.DLL C:\WINDOWS\system32\BatMeter.dll C:\WINDOWS\system32\browselc.dll C:\WINDOWS\system32\BROWSEUI.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\credui.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\CRYPTUI.dll C:\WINDOWS\System32\CSCDLL.dll C:\WINDOWS\System32\cscui.dll C:\WINDOWS\System32\davclnt.dll C:\WINDOWS\System32\drprov.dll C:\WINDOWS\system32\DUSER.dll C:\WINDOWS\system32\FXSAPI.dll C:\WINDOWS\system32\fxsst.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\ieframe.dll C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LINKINFO.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MLANG.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msi.dll C:\WINDOWS\system32\MSIMG32.dll C:\WINDOWS\system32\MSVCP100.dll C:\WINDOWS\system32\MSVCR100.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mydocs.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\System32\NETRAP.dll C:\WINDOWS\system32\NETSHELL.dll C:\WINDOWS\System32\NETUI0.dll C:\WINDOWS\System32\NETUI1.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\System32\ntlanman.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ntshrui.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PortableDeviceApi.dll C:\WINDOWS\system32\PortableDeviceTypes.dll C:\WINDOWS\system32\POWRPROF.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\rtutils.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\SHDOCVW.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\shimgvw.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\stobject.dll C:\WINDOWS\system32\themeui.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\webcheck.dll C:\WINDOWS\system32\WINHTTP.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WPDShServiceObj.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WTSAPI32.dll C:\WINDOWS\system32\wzcdlg.dll C:\WINDOWS\system32\WZCSAPI.DLL C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\system32\zipfldr.dll C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll [C:\WINDOWS\system32\igfxpers.exe (20)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\igfxsrvc.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\system32\xpsp2res.dll [C:\WINDOWS\system32\lsass.exe (55)] C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\cryptdll.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\dssenh.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\hnetcfg.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\ipsecsvc.dll C:\WINDOWS\system32\kerberos.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\LSASRV.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msprivs.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\netlogon.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\oakley.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\psbase.dll C:\WINDOWS\system32\pstorsvc.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\SAMSRV.dll C:\WINDOWS\system32\schannel.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\w32time.dll C:\WINDOWS\system32\wdigest.dll C:\WINDOWS\system32\WINIPSEC.DLL C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\system32\lxcgcoms.exe (26)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\HID.DLL C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\lxcgprox.dll C:\WINDOWS\system32\lxcgserv.dll C:\WINDOWS\system32\lxcgusb1.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\netapi32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\xpsp2res.dll [C:\WINDOWS\system32\services.exe (35)] C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\eventlog.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NCObjAPI.DLL C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\SCESRV.dll C:\WINDOWS\system32\secur32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\umpnpmgr.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\wtsapi32.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\System32\smss.exe (1)] C:\WINDOWS\system32\ntdll.dll [C:\WINDOWS\system32\spoolsv.exe (62)] C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\cnbjmon.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\DNSAPI.dll C:\WINDOWS\system32\FXSEVENT.dll C:\WINDOWS\system32\FXSMON.DLL C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IM31IMG.DIL C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMGMAN32.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\inetpp.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\localspl.dll C:\WINDOWS\system32\lxcglmpm.DLL C:\WINDOWS\system32\LXPMONRC.DLL C:\WINDOWS\system32\LXPRMON.DLL C:\WINDOWS\system32\mdimon.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msi.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\System32\mswsock.dll C:\WINDOWS\system32\netapi32.dll C:\WINDOWS\system32\NETRAP.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTDSAPI.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\pjlmon.dll C:\WINDOWS\system32\rasadhlp.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxcgpp5c.dll C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll C:\WINDOWS\system32\SPOOLSS.DLL C:\WINDOWS\system32\tcpmon.dll C:\WINDOWS\system32\usbmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\win32spl.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\system32\winspool.drv C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\System32\svchost.exe (150)] C:\WINDOWS\AppPatch\AcGenral.DLL c:\windows\pchealth\helpctr\binaries\pchsvc.dll C:\WINDOWS\System32\ACTIVEDS.dll C:\WINDOWS\System32\adsldpc.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll c:\windows\system32\ATL.DLL c:\windows\system32\audiosrv.dll c:\windows\system32\AUTHZ.dll c:\windows\system32\browser.dll C:\WINDOWS\System32\Cabinet.dll c:\windows\system32\certcli.dll C:\WINDOWS\System32\CLBCATQ.DLL C:\WINDOWS\System32\CLUSAPI.DLL C:\WINDOWS\system32\colbact.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\System32\COMRes.dll C:\WINDOWS\system32\comsvcs.dll c:\windows\system32\credui.dll c:\windows\system32\CRYPT32.dll C:\WINDOWS\System32\cryptdll.dll c:\windows\system32\cryptsvc.dll C:\WINDOWS\System32\CRYPTUI.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\DNSAPI.dll c:\windows\system32\es.dll c:\windows\system32\ESENT.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\System32\h323.tsp c:\windows\system32\HID.DLL C:\WINDOWS\System32\hidphone.tsp c:\windows\system32\hidserv.dll C:\WINDOWS\System32\HNETCFG.DLL C:\WINDOWS\system32\iertutil.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\System32\ipconf.tsp c:\windows\system32\iphlpapi.dll c:\windows\system32\ipnathlp.dll C:\WINDOWS\system32\kerberos.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\System32\kmddsp.tsp C:\WINDOWS\system32\mlang.dll C:\WINDOWS\system32\modemui.dll C:\WINDOWS\System32\MPRAPI.dll C:\WINDOWS\System32\MSACM32.dll c:\windows\system32\MSASN1.dll c:\windows\system32\msi.dll C:\WINDOWS\System32\MSIDLE.DLL C:\WINDOWS\System32\mspatcha.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\System32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\MTXCLU.DLL C:\WINDOWS\system32\NCObjAPI.DLL C:\WINDOWS\System32\ndptsp.tsp C:\WINDOWS\System32\NETAPI32.dll C:\WINDOWS\system32\netcfgx.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll C:\WINDOWS\system32\Normaliz.dll C:\WINDOWS\system32\ntdll.dll c:\windows\system32\NTDSAPI.dll C:\WINDOWS\System32\ntlsapi.dll C:\WINDOWS\System32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll c:\windows\system32\POWRPROF.dll c:\windows\system32\PSAPI.DLL C:\WINDOWS\System32\rasadhlp.dll C:\WINDOWS\System32\RASAPI32.dll C:\WINDOWS\System32\raschap.dll C:\WINDOWS\System32\RASDLG.dll C:\WINDOWS\System32\rasman.dll C:\WINDOWS\System32\rasmans.dll C:\WINDOWS\System32\rasppp.dll C:\WINDOWS\System32\rastapi.dll C:\WINDOWS\System32\rastls.dll C:\WINDOWS\System32\RESUTILS.DLL C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\System32\rsaenh.dll c:\windows\system32\rtutils.dll C:\WINDOWS\System32\SAMLIB.dll C:\WINDOWS\System32\SCHANNEL.dll c:\windows\system32\schedsvc.dll c:\windows\system32\seclogon.dll c:\windows\system32\Secur32.dll c:\windows\system32\sens.dll C:\WINDOWS\System32\SETUPAPI.dll C:\WINDOWS\System32\sfc.dll C:\WINDOWS\System32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\System32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll c:\windows\system32\shsvcs.dll c:\windows\system32\srsvc.dll c:\windows\system32\srvsvc.dll C:\WINDOWS\system32\SSDPAPI.dll C:\WINDOWS\System32\SXS.DLL C:\WINDOWS\System32\TAPI32.dll c:\windows\system32\tapisrv.dll c:\windows\system32\trkwks.dll C:\WINDOWS\System32\unimdm.tsp C:\WINDOWS\System32\unimdmat.dll C:\WINDOWS\System32\uniplat.dll C:\WINDOWS\system32\upnp.dll C:\WINDOWS\system32\urlmon.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\System32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\VSSAPI.DLL c:\windows\system32\w32time.dll C:\WINDOWS\System32\Wbem\esscli.dll C:\WINDOWS\System32\Wbem\FastProx.dll C:\WINDOWS\system32\wbem\ncprov.dll C:\WINDOWS\system32\wbem\repdrvfs.dll C:\WINDOWS\system32\wbem\wbemcomn.dll C:\WINDOWS\System32\Wbem\wbemcore.dll C:\WINDOWS\system32\wbem\wbemess.dll C:\WINDOWS\system32\wbem\wbemsvc.dll C:\WINDOWS\system32\wbem\wmiprvsd.dll c:\windows\system32\wbem\wmisvc.dll C:\WINDOWS\system32\wbem\wmiutils.dll C:\WINDOWS\System32\WINHTTP.dll C:\WINDOWS\system32\WININET.dll C:\WINDOWS\System32\WINIPSEC.DLL C:\WINDOWS\System32\WINMM.dll C:\WINDOWS\System32\winrnr.dll C:\WINDOWS\System32\WinSCard.dll C:\WINDOWS\System32\WINSPOOL.DRV C:\WINDOWS\System32\WINSTA.dll C:\WINDOWS\System32\WINTRUST.dll c:\windows\system32\wkssvc.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WMI.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll c:\windows\system32\wscsvc.dll C:\WINDOWS\System32\wshtcpip.dll C:\WINDOWS\system32\WSOCK32.dll c:\windows\system32\WTSAPI32.dll C:\WINDOWS\system32\wuaueng.dll c:\windows\system32\wuauserv.dll C:\WINDOWS\System32\WZCSAPI.DLL c:\windows\system32\wzcsvc.dll C:\WINDOWS\System32\xmlprovi.dll C:\WINDOWS\System32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\system32\svchost.exe (29)] C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\Secur32.dll c:\windows\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINTRUST.dll c:\windows\system32\WUDFPlatform.dll c:\windows\system32\wudfsvc.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\system32\svchost.exe (43)] C:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll C:\Program Files\Lexmark 2300 Series\lxcgdrs.dll C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\actxprxy.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\ATL.DLL c:\windows\system32\CFGMGR32.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\lxcgcfg.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\MSASN1.dll c:\windows\system32\mscms.dll C:\WINDOWS\system32\MSVCP60.dll C:\WINDOWS\system32\msvcrt.dll c:\windows\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\setupapi.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\sti.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WIAFBDRV.DLL c:\windows\system32\wiaservc.dll C:\WINDOWS\system32\WINMM.dll c:\windows\system32\WINSPOOL.DRV c:\windows\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\system32\svchost.exe (47)] C:\WINDOWS\AppPatch\AcGenral.DLL c:\windows\system32\ACTIVEDS.dll c:\windows\system32\adsldpc.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll c:\windows\system32\ATL.DLL c:\windows\system32\AUTHZ.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\COMRes.dll c:\windows\system32\CRYPT32.dll C:\WINDOWS\system32\GDI32.dll c:\windows\system32\ICAAPI.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\MSACM32.dll c:\windows\system32\MSASN1.dll c:\windows\system32\mstlsapi.dll C:\WINDOWS\system32\msvcrt.dll c:\windows\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\REGAPI.dll C:\WINDOWS\system32\RPCRT4.dll c:\windows\system32\rpcss.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll c:\windows\system32\Secur32.dll c:\windows\system32\SETUPAPI.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll C:\WINDOWS\system32\SHLWAPI.dll c:\windows\system32\termsrv.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\UxTheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\WINMM.dll c:\windows\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll c:\windows\system32\WS2_32.dll c:\windows\system32\WS2HELP.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [C:\WINDOWS\system32\winlogon.exe (65)] C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\system32\Apphelp.dll C:\WINDOWS\system32\AUTHZ.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMCTL32.dll C:\WINDOWS\system32\comdlg32.dll C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\CRYPT32.dll C:\WINDOWS\system32\cryptdll.dll C:\WINDOWS\system32\cscdll.dll C:\WINDOWS\system32\cscui.dll C:\WINDOWS\system32\GDI32.dll C:\WINDOWS\system32\IMAGEHLP.dll C:\WINDOWS\system32\IMM32.DLL C:\WINDOWS\system32\iphlpapi.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\midimap.dll C:\WINDOWS\system32\MPR.dll C:\WINDOWS\system32\MSACM32.dll C:\WINDOWS\system32\msacm32.drv C:\WINDOWS\system32\MSASN1.dll C:\WINDOWS\system32\msctfime.ime C:\WINDOWS\system32\MSGINA.dll C:\WINDOWS\system32\msv1_0.dll C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\NDdeApi.dll C:\WINDOWS\system32\NETAPI32.dll C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\NTMARTA.DLL C:\WINDOWS\system32\ODBC32.dll C:\WINDOWS\system32\odbcint.dll C:\WINDOWS\system32\ole32.dll C:\WINDOWS\system32\OLEAUT32.dll C:\WINDOWS\system32\PROFMAP.dll C:\WINDOWS\system32\PSAPI.DLL C:\WINDOWS\system32\REGAPI.dll C:\WINDOWS\system32\RPCRT4.dll C:\WINDOWS\system32\rsaenh.dll C:\WINDOWS\system32\SAMLIB.dll C:\WINDOWS\system32\Secur32.dll C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\sfc.dll C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll C:\WINDOWS\system32\SHSVCS.dll C:\WINDOWS\system32\sxs.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\USERENV.dll C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\VERSION.dll C:\WINDOWS\system32\wdmaud.drv C:\WINDOWS\system32\WgaLogon.dll C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\WINSCARD.DLL C:\WINDOWS\system32\WINSPOOL.DRV C:\WINDOWS\system32\WINSTA.dll C:\WINDOWS\system32\WINTRUST.dll C:\WINDOWS\system32\WLDAP32.dll C:\WINDOWS\system32\WlNotify.dll C:\WINDOWS\system32\WS2_32.dll C:\WINDOWS\system32\WS2HELP.dll C:\WINDOWS\system32\WTSAPI32.dll C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -------------------- Autostart folders: [Startup (1)] desktop.ini [User Startup (1)] desktop.ini [Common Startup (2)] AutorunsDisabled desktop.ini [User Common Startup (2)] AutorunsDisabled desktop.ini -------------------- Task Scheduler jobs (3): Adobe Flash Player Updater.job GoogleUpdateTaskMachineCore.job GoogleUpdateTaskMachineUA.job -------------------- IniMapping values: System NT shell = Explorer.exe -------------------- Autorun.inf files: [D:\] SHELLEXECUTE=Info.exe folder.htt 480 480 -------------------- Autostarting batch files: [autoexec.nt] @echo off lh %SystemRoot%\system32\mscdexnt.exe lh %SystemRoot%\system32\redir lh %SystemRoot%\system32\dosx SET BLASTER=A220 I5 D1 P330 T3 [config.nt] dos=high, umb device=%SystemRoot%\system32\himem.sys files=40 -------------------- On-reboot actions: BootExecute = autocheck autochk * -------------------- Shell commands: .bat - MS-DOS Batch File - "%1" %* .cmd - Windows NT Command Script - "%1" %* .com - MS-DOS Application - "%1" %* .exe - Application - "%1" %* .hta - HTML Application - C:\WINDOWS\system32\mshta.exe "%1" %* .js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .pif - Shortcut to MS-DOS Program - "%1" %* .scr - Screen Saver - "%1" /S .txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1 .vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %* .wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %* -------------------- Services: [NT Services (42)] AOL Connectivity Service = "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" AOL TopSpeed Monitor = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs AVG WatchDog = "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" AVGIDSAgent = "C:\Program Files\AVG\AVG2013\avgidsagent.exe" Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService Event Log = C:\WINDOWS\system32\services.exe Google Update Service (gupdate) = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs IPSEC Services = C:\WINDOWS\system32\lsass.exe Java Quick Starter = "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" MSCamSvc = "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" Plug and Play = C:\WINDOWS\system32\services.exe Print Spooler = C:\WINDOWS\system32\spoolsv.exe Protected Storage = C:\WINDOWS\system32\lsass.exe Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs Security Accounts Manager = C:\WINDOWS\system32\lsass.exe Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs Server = C:\WINDOWS\system32\svchost.exe -k netsvcs Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs Upload Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows Driver Foundation - User-mode Driver Framework = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs [SafeBoot services (Minimal boot)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * AVG Anti-Spyware Driver dmboot.sys dmio.sys dmload.sys sermouse.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter PCI Configuration PNP Filter Primary disk SCSI Class System Bus Extender * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AppMgmt AVG Anti-Spyware Guard CryptSvc DcomLaunch dmadmin dmserver EventLog HelpSvc Netlogon PlugPlay RpcSs SRService vds WinMgmt * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} * Volume shadow copy * {533C5B84-EC70-11D2-9505-00C04F79DEAF} [SafeBoot services (Minimal boot + network support)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * AVG Anti-Spyware Driver dmboot.sys dmio.sys dmload.sys ip6fw.sys ipnat.sys rdpcdd.sys rdpdd.sys rdpwd.sys sermouse.sys tdpipe.sys tdtcp.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter NDIS NDIS Wrapper NetBIOSGroup NetDDEGroup Network NetworkProvider PCI Configuration PNP Filter PNP_TDI Primary disk SCSI Class Streams Drivers System Bus Extender TDI * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * Net * {4D36E972-E325-11CE-BFC1-08002BE10318} * NetClient * {4D36E973-E325-11CE-BFC1-08002BE10318} * NetService * {4D36E974-E325-11CE-BFC1-08002BE10318} * NetTrans * {4D36E975-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AFD AppMgmt AVG Anti-Spyware Guard Browser CryptSvc DcomLaunch Dhcp dmadmin dmserver DnsCache EventLog HelpSvc LanmanServer LanmanWorkstation LmHosts Messenger Ndisuio NetBIOS NetBT Netlogon NetMan NtLmSsp PlugPlay rdsessmgr RpcSs SharedAccess SRService Tcpip termservice vsmon WinMgmt WZCSVC * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot: Alternate shell] cmd.exe (not enabled) -------------------- Driver filters: [Class filters] * Disk drives * - Upper filters PartMgr.sys * DVD/CD-ROM drives * - Upper filters Cdralw2k.sys GEARAspiWDM.sys - Lower filters Cdr4_xp.sys * Infrared devices * - Upper filters IRENUM.sys * Keyboards * - Upper filters kbdclass.sys * Medium Changers * - Upper filters GEARAspiWDM.sys * Mice and other pointing devices * - Upper filters mouclass.sys * Storage volumes * - Upper filters VolSnap.sys * Tape drives * - Upper filters GEARAspiWDM.sys [Device filters] * CD-ROM Drive * - Upper filters redbook.sys - Lower filters imapi.sys * Communications Port * - Upper filters serenum.sys * Direct Parallel * - Lower filters PtiLink.sys * Microsoft LifeCam VX-5000 * - Lower filters MSHUSBVideo.sys * Microsoft LifeCam VX-5000 * - Lower filters MSHUSBVideo.sys * SoftV92 Data Fax Modem with SmartCP * - Lower filters HSFHWBS2.sys HSF_DP.sys winachsf.sys * Terminal Server Keyboard Driver * - Upper filters kbdclass.sys * Terminal Server Mouse Driver * - Upper filters mouclass.sys * USB Mass Storage Device * - Lower filters Sunkfilt.sys * WAN Miniport (IP) * - Lower filters NdisTapi.sys * WAN Miniport (PPPOE) * - Lower filters NdisTapi.sys * WAN Miniport (PPTP) * - Lower filters NdisTapi.sys -------------------- Print monitors (9): 2300 Series Port - lxcglmpm.DLL BJ Language Monitor - cnbjmon.dll Lexmark Print-2-Fax Port - LXPRMON.DLL Local Port - localspl.dll Microsoft Document Imaging Writer Monitor - mdimon.dll Microsoft Shared Fax Monitor - FXSMON.DLL PJL Language Monitor - pjlmon.dll Standard TCP/IP Port - tcpmon.dll USB Monitor - usbmon.dll -------------------- WinLogon autoruns: UserInit = C:\WINDOWS\system32\userinit.exe, VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl" [Notify (11)] crypt32chain = crypt32.dll cryptnet = cryptnet.dll cscdll = cscdll.dll igfxcui = igfxdev.dll ScCertProp = wlnotify.dll Schedule = wlnotify.dll sclgntfy = sclgntfy.dll SensLogn = WlNotify.dll termsrv = wlnotify.dll WgaLogon = WgaLogon.dll wlballoon = wlnotify.dll [Group policy extensions (9)] Microsoft Disk Quota = dskquota.dll Internet Explorer Zonemapping = C:\WINDOWS\system32\iedkcs32.dll Internet Explorer User Accelerators = C:\WINDOWS\system32\iedkcs32.dll Security = scecli.dll Internet Explorer Branding = C:\WINDOWS\system32\iedkcs32.dll EFS recovery = scecli.dll Microsoft Offline Files = %SystemRoot%\System32\cscui.dll Software Installation = appmgmts.dll Internet Explorer Machine Accelerators = C:\WINDOWS\system32\iedkcs32.dll -------------------- Policies: [This user] * Primary policies * - (2) OS Shutdown = dword: 0 Resume = dword: 0 * Alternate policies * - Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) NoDriveTypeAutoRun = dword: 145 - (2) OS Shutdown = dword: 0 Resume = dword: 0 [All users] * Primary policies * - Software\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems (80) tWhiteList = Close GeneralInfo Quit FirstPage PrevPage NextPage LastPage ActualSize FitPage FitWidth FitHeight SinglePage OneColumn TwoPages TwoColumns ZoomViewIn ZoomViewOut ShowHideBookmarks ShowHideThumbnails Print GoToPage ZoomTo GeneralPrefs SaveAs FullScreen OpenOrganizer Scan Web2PDF:OpnURL AcroSendMail:SendMail Spelling:Check Spelling PageSetup Find FindSearch GoBack GoForward FitVisible ShowHideToolbarEditing ShowHideToolbarCommenting ShowHideToolbarEdit ShowHideToolbarFile ShowHideToolbarFind ShowHideToolbarForms ShowHideToolbarMeasuring ShowHideToolbarData ShowHideToolbarPageDisplay ShowHideToolbarNavigation ShowHideToolbarPrintProduction ShowHideToolbarRedaction ShowHideToolbarBasicTools ShowHideToolbarTasks ShowHideToolbarTypewriter PropertyToolbar ShowHideArticles ShowHideFileAttachment ShowHideAnnotManager ShowHideFields ShowHideOptCont ShowHideModelTree ShowHideSignatures InsertPages ExtractPages ReplacePages DeletePages CropPages RotatePages AddFileAttachment FindCurrentBookmark BookmarkShowLocation GoBackDoc GoForward DocHelpUserGuide HelpReader rolReadPage HandMenuItem ZoomDragMenuItem Annots:Tool:InkMenuItem CollectionHome CollectionDetails CollectionPreview CollectionShowRoot - Software\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms (105) tBuiltInPermList = version:1 .ade:3 .adp:3 .app:3 .arc:3 .arj:3 .asp:3 .bas:3 .bat:3 .bz:3 .bz2:3 .cab:3 .chm:3 .class:3 .cmd:3 .com:3 .command:3 .cpl:3 .crt:3 .csh:3 .desktop:3 .dll:3 .exe:3 .fxp:3 .gz:3 .hex:3 .hlp:3 .hqx:3 .hta:3 .inf:3 .ini:3 .ins:3 .isp:3 .its:3 .job:3 .js:3 .jse:3 .ksh:3 .lnk:3 .lzh:3 .mad:3 .maf:3 .mag:3 .mam:3 .maq:3 .mar:3 .mas:3 .mat:3 .mau:3 .mav:3 .maw:3 .mda:3 .mdb:3 .mde:3 .mdt:3 .mdw:3 .mdz:3 .msc:3 .msi:3 .msp:3 .mst:3 .ocx:3 .ops:3 .pcd:3 .pi:3 .pif:3 .prf:3 .prg:3 .pst:3 .rar:3 .reg:3 .scf:3 .scr:3 .sct:3 .sea:3 .shb:3 .shs:3 .sit:3 .tar:3 .taz:3 .tgz:3 .tmp:3 .url:3 .vb:3 .vbe:3 .vbs:3 .vsmacros:3 .vss:3 .vst:3 .vsw:3 .webloc:3 .ws:3 .wsc:3 .wsf:3 .wsh:3 .z:3 .zip:3 .zlo:3 .zoo:3 .pdf:2 .fdf:2 .jar:3 .pkg:3 .tool:3 .term:3 - Software\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms (32) tSchemePerms = version:2 shell:3 hcp:3 ms-help:3 ms-its:3 ms-itss:3 its:3 mk:3 mhtml:3 help:3 disk:3 afp:3 disks:3 telnet:3 ssh:3 acrobat:2 mailto:2 file:1 rlogin:3 javascript:4 data:3 tSponsoredContentSchemeWhiteList = http https tFlashContentSchemeWhiteList = http https ftp rtmp rtmpe rtmpt rtmpte rtmps mailto - Software\Policies\Microsoft\Windows\DriverSearching (2) DontSearchWindowsUpdate = dword: 0 DontPromptForWindowsUpdate = dword: 1 - Software\Policies\Microsoft\Windows\Installer (1) EnableAdminTSRemote = dword: 1 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7) ClassName = ipsecFilter description = Matches all ICMP packets between this computer and any other computer. name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000} ipsecName = All ICMP Traffic ipsecID = {72385235-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7) ClassName = ipsecFilter description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE). name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} ipsecName = All IP Traffic ipsecID = {7238523a-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} ipsecID = {72385231-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} ipsecID = {72385234-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} ipsecID = {72385237-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5) ClassName = ipsecISAKMPPolicy name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} ipsecID = {7238523d-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request. name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} ipsecName = Request Security (Optional) ipsecID = {72385233-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Permit unsecured IP packets to pass through. name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} ipsecName = Permit ipsecID = {7238523b-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9) ClassName = ipsecNegotiationPolicy description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} ipsecName = Require Security ipsecID = {7238523f-70fa-11d1-864c-14a300000000} ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000} ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{8fd07049-2215-4026-8486-f93f086de5da} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{8fd07049-2215-4026-8486-f93f086de5da} ipsecID = {8fd07049-2215-4026-8486-f93f086de5da} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{afbe5a20-a873-4a6f-b17d-57a393617b22} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{afbe5a20-a873-4a6f-b17d-57a393617b22} ipsecID = {afbe5a20-a873-4a6f-b17d-57a393617b22} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{ca21ff1a-e326-49f3-97f4-7a616fc2c90c} (7) ClassName = ipsecNegotiationPolicy name = ipsecNegotiationPolicy{ca21ff1a-e326-49f3-97f4-7a616fc2c90c} ipsecID = {ca21ff1a-e326-49f3-97f4-7a616fc2c90c} ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000} ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000} ipsecDataType = dword: 256 whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{0d959817-f755-4baf-9206-2a80915b0aaf} (8) ClassName = ipsecNFA name = ipsecNFA{0d959817-f755-4baf-9206-2a80915b0aaf} ipsecName = Request Security (Optional) Rule description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. ipsecID = {0d959817-f755-4baf-9206-2a80915b0aaf} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{10ced564-dec4-4ddd-91e5-e8049ddb828c} (6) ClassName = ipsecNFA name = ipsecNFA{10ced564-dec4-4ddd-91e5-e8049ddb828c} ipsecID = {10ced564-dec4-4ddd-91e5-e8049ddb828c} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{afbe5a20-a873-4a6f-b17d-57a393617b22} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{158a39a8-80cc-40ae-8cda-526692196e0e} (8) ClassName = ipsecNFA name = ipsecNFA{158a39a8-80cc-40ae-8cda-526692196e0e} ipsecName = Permit unsecure ICMP packets to pass through. description = Permit unsecure ICMP packets to pass through. ipsecID = {158a39a8-80cc-40ae-8cda-526692196e0e} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{1a509c4a-deb9-4a23-af1a-29955301f646} (8) ClassName = ipsecNFA name = ipsecNFA{1a509c4a-deb9-4a23-af1a-29955301f646} ipsecName = Require Security description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. ipsecID = {1a509c4a-deb9-4a23-af1a-29955301f646} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{40622dfb-c583-4448-b0f1-bbec373aa528} (6) ClassName = ipsecNFA name = ipsecNFA{40622dfb-c583-4448-b0f1-bbec373aa528} ipsecID = {40622dfb-c583-4448-b0f1-bbec373aa528} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{ca21ff1a-e326-49f3-97f4-7a616fc2c90c} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{837618f4-8913-41d2-a6cd-148dbacd9c79} (6) ClassName = ipsecNFA name = ipsecNFA{837618f4-8913-41d2-a6cd-148dbacd9c79} ipsecID = {837618f4-8913-41d2-a6cd-148dbacd9c79} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{8fd07049-2215-4026-8486-f93f086de5da} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{998430b4-77b3-413b-a6d4-c37d02bb7b34} (8) ClassName = ipsecNFA name = ipsecNFA{998430b4-77b3-413b-a6d4-c37d02bb7b34} ipsecName = Permit unsecure ICMP packets to pass through. description = Permit unsecure ICMP packets to pass through. ipsecID = {998430b4-77b3-413b-a6d4-c37d02bb7b34} ipsecDataType = dword: 256 ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} ipsecName = Server (Request Security) ipsecID = {72385230-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured. name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} ipsecName = Client (Respond Only) ipsecID = {72385236-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8) ClassName = ipsecPolicy description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients. name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} ipsecName = Secure Server (Require Security) ipsecID = {7238523c-70fa-11d1-864c-14a300000000} ipsecDataType = dword: 256 ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} whenChanged = dword: 1093517925 - Software\Policies\Microsoft\Windows\RTC\PortRange (1) Enabled = dword: 0 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4) TransparentEnabled = dword: 1 DefaultLevel = dword: 262144 AuthenticodeEnabled = dword: 0 PolicyScope = dword: 0 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4) Description = Stop the download of this file FriendlyName = Mdac11.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4) Description = Stop the download of this file FriendlyName = mdac20.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4) Description = Stop the download of this file FriendlyName = mdac20_a.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4) Description = Stop the download of this file FriendlyName = _msadc10.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4) Description = Stop the download of this file FriendlyName = msadc11.cab SaferFlags = dword: 0 HashAlg = dword: 32771 - Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2) Description = SaferFlags = dword: 0 * Alternate policies * - Software\Microsoft\Windows\CurrentVersion\policies\explorer (1) HonorAutoRunSetting = dword: 1 - Software\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID (1) {17492023-C23A-453E-A040-C7C580BBF700} = 1 - Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1 {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857 {0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32 - Software\Microsoft\Windows\CurrentVersion\policies\system (5) dontdisplaylastusername = dword: 0 legalnoticecaption = legalnoticetext = shutdownwithoutlogon = dword: 1 undockwithoutlogon = dword: 1 -------------------- Browser Helper Objects (5): (no name) = {5C255C8A-E604-49b4-9D64-90988571CECB} = AcroIEHelperStub = {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll Java(tm) Plug-In 2 SSV Helper = {DBC80044-A445-435b-BC74-9C25C1C588A9} = C:\Program Files\Java\jre7\bin\jp2ssv.dll Java(tm) Plug-In SSV Helper = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre7\bin\ssv.dll Windows Live Sign-in Helper = {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -------------------- ActiveX objects (16): BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings BRANDING.CAB - {64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig IEUDINIT - {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE ResetTour - {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP -------------------- Internet Explorer toolbars: [This user] * ShellBrowser (1) * &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll * WebBrowser (2) * &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll -------------------- Internet Explorer buttons/tools (5): Sun Java Console - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - C:\Program Files\Java\jre7\bin\jp2iexp.dll Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL Real.com - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -------------------- Internet Explorer menu extensions: [This user (1)] E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 -------------------- Internet Explorer Bands (9): IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\ieframe.dll &Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll &Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll Real.com - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll &Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -------------------- Downloaded Program Files (10): Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab Windows Genuine Advantage Validation Tool - {17492023-C23A-453E-A040-C7C580BBF700} - C:\WINDOWS\system32\legitcheckcontrol.dll - http://go.microsoft.com/fwlink/?linkid=39204 YInstStarter Class - {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll - C:\Program Files\Yahoo!\Common\yinsthelper.dll Office Update Installation Engine - {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - C:\WINDOWS\opuc.dll - http://office.microsoft.com/officeupdate/content/opuc3.cab WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229556528546 Java Runtime Environment 1.6.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - C:\Program Files\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab Java Runtime Environment 1.7.0 - {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - C:\Program Files\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab Java Runtime Environment 1.6.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - C:\Program Files\Java\jre7\bin\jp2iexp.dll - http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_135.ocx - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -------------------- Explorer clones: C:\WINDOWS\explorer.exe -------------------- Image File Execution Options (1): Your Image File Name Here without a path = ntsd -d -------------------- ContextMenuHandlers: [* (5)] AVG Shell Extension = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG2013\avgse.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll [Drive (5)] Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\WINDOWS\system32\wpdshext.dll Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll [Folder (2)] AVG Shell Extension = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG2013\avgse.dll MBAMShlExt = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [CompressedFolder (1)] Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\system32\zipfldr.dll [Directory (3)] EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [Directory\Background (2)] igfxcui = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll [InternetShortcut (1)] Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = C:\WINDOWS\system32\ieframe.dll [AllFileSystemObjects (2)] MBAMShlExt = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll -------------------- ColumnHandlers (5): (no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll (no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll (no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll (no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -------------------- ShellExecuteHooks (1): URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll -------------------- Approved Shell Extensions: [All users (211)] %DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\photowiz.dll &Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll &Links - {F2CF5485-4E02-4f68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll .CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\system32\browseui.dll ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\system32\occache.dll Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\system32\shmedia.dll Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\system32\browseui.dll Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\system32\browseui.dll Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - AVG Find Extension - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - C:\Program Files\AVG\AVG2013\avgse.dll Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\system32\shmedia.dll BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\system32\browseui.dll Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\system32\webcheck.dll Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\zipfldr.dll Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\zipfldr.dll Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\zipfldr.dll ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\system32\browseui.dll Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\system32\appwiz.cpl DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\system32\dfsshlex.dll Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\system32\dsuiext.dll Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\system32\dsuiext.dll Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\system32\dsquery.dll Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\system32\browseui.dll DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\system32\msieftp.dll Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - c:\WINDOWS\system32\mscoree.dll GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\system32\netplwiz.dll Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\system32\browseui.dll Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\ieframe.dll HTML Document - {25336920-03f9-11cf-8fd0-00aa00686f13} - C:\WINDOWS\system32\mshtml.dll HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\system32\hticons.dll ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll IE AutoComplete - {3028902F-6374-48b2-8DC6-9725E775B926} - C:\WINDOWS\system32\ieframe.dll IE BandProxy - {73CFD649-CD48-4fd8-A272-2070EA56526B} - C:\WINDOWS\system32\ieframe.dll IE Custom MRU AutoCompleted List - {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} - C:\WINDOWS\system32\ieframe.dll IE Fade Task - {1C1EDB47-CE22-4bbb-B608-77B48F83C823} - C:\WINDOWS\system32\ieframe.dll IE History and Feeds Shell Data Source for Windows Search - {11016101-E366-4D22-BC06-4ADA335C892B} - C:\WINDOWS\system32\ieframe.dll IE IShellFolderBand - {6CF48EF8-44CD-45d2-8832-A16EA016311B} - C:\WINDOWS\system32\ieframe.dll IE Menu Band - {4B78D326-D922-44f9-AF2A-07805C2A3560} - C:\WINDOWS\system32\ieframe.dll IE Menu Desk Bar - {205D7A97-F16D-4691-86EF-F3075DCCA57D} - C:\WINDOWS\system32\ieframe.dll IE Menu Site - {44C76ECD-F7FA-411c-9929-1B77BA77F524} - C:\WINDOWS\system32\ieframe.dll IE Microsoft BrowserBand - {07C45BB1-4A8C-4642-A1F5-237E7215FF66} - C:\WINDOWS\system32\ieframe.dll IE Microsoft History AutoComplete List - {6038EF75-ABFC-4e59-AB6F-12D397F6568D} - C:\WINDOWS\system32\ieframe.dll IE Microsoft Multiple AutoComplete List Container - {B31C5FAE-961F-415b-BAF0-E697A5178B94} - C:\WINDOWS\system32\ieframe.dll IE Microsoft Shell Folder AutoComplete List - {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} - C:\WINDOWS\system32\ieframe.dll IE MRU AutoComplete List - {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} - C:\WINDOWS\system32\ieframe.dll IE Navigation Bar - {43886CD5-6529-41c4-A707-7B3C92C05E68} - C:\WINDOWS\system32\ieframe.dll IE Registry Tree Options Utility - {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} - C:\WINDOWS\system32\ieframe.dll IE RSS Feeder Folder - {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} - C:\WINDOWS\system32\ieframe.dll IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\ieframe.dll IE Shell Band Site Menu - {E6EE9AAC-F76B-4947-8260-A9F136138E11} - C:\WINDOWS\system32\ieframe.dll IE Shell Rebar BandSite - {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} - C:\WINDOWS\system32\ieframe.dll IE Tracking Shell Menu - {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} - C:\WINDOWS\system32\ieframe.dll IE User Assist - {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} - C:\WINDOWS\system32\ieframe.dll IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\system32\browseui.dll Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\system32\appwiz.cpl Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\ieframe.dll InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\WINDOWS\system32\ieframe.dll ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - C:\Program Files\iTunes\iTunesMiniPlayer.dll Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll Microsoft Browser Architecture - {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} - C:\WINDOWS\system32\ieframe.dll Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\system32\browseui.dll Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\system32\docprop2.dll Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\system32\docprop2.dll Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\system32\browseui.dll Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\system32\browseui.dll Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\ieframe.dll Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Web Browser - {8856f961-340a-11d0-a96b-00c04fd705a2} - C:\WINDOWS\system32\ieframe.dll Microsoft.XPS.Shell.Metadata.1 - {45670FA8-ED97-4F44-BC93-305082590BFB} - C:\WINDOWS\System32\XPSSHHDR.DLL Microsoft.XPS.Shell.Thumbnail.1 - {44121072-A222-48f2-A58A-6D9AD51EBBE9} - C:\WINDOWS\System32\XPSSHHDR.DLL Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\system32\shmedia.dll MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll MSHTML Document - {3050f3d9-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtml.dll Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl Multiscan - {D9872D13-7651-4471-9EEE-F0A00218BEBB} - MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\mydocs.dll Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll Outpost Shell Extension - {D3796116-94D3-4009-96D7-51578411CC7D} - PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\system32\themeui.dll Portable Devices - {35786D3C-B075-49b9-88DD-029876E11C01} - C:\WINDOWS\system32\wpdshext.dll Portable Devices Menu - {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} - C:\WINDOWS\system32\wpdshext.dll Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\system32\webcheck.dll Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\system32\netplwiz.dll Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\system32\browseui.dll Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\system32\remotepg.dll Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll SampleView - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - C:\WINDOWS\system32\ShellvRTF.dll Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\system32\appwiz.cpl Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\system32\browseui.dll Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\ieframe.dll Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - c:\WINDOWS\system32\dfshim.dll Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\system32\dsquery.dll Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\system32\netplwiz.dll Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - c:\WINDOWS\system32\dfshim.dll Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\system32\webcheck.dll Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\ieframe.dll Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\ieframe.dll The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\ieframe.dll Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\system32\browseui.dll TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\system32\webcheck.dll TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\browseui.dll User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} - User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\system32\browseui.dll Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\system32\shmedia.dll Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\system32\shmedia.dll Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\system32\shmedia.dll Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\system32\netplwiz.dll Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\system32\browseui.dll WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll Windows Media Player Burn Audio CD Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll Windows Media Player Play as Playlist Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll [This user (1)] Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -------------------- Registry 'Run' keys: [System Run] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" AVG_UI = "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY EzPrint = "C:\Program Files\Lexmark 2300 Series\ezprint.exe" IntelAudioStudio = "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT ledpointer = CNYHKey.exe LifeCam = "C:\Program Files\Microsoft LifeCam\LifeExp.exe" LXCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 lxcgmon.exe = "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" Persistence = C:\WINDOWS\system32\igfxpers.exe RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" SunKistEM = C:\Program Files\Digital Media Reader\shwiconem.exe -------------------- Registry 'Run' subkeys: [User Run] * AutorunsDisabled * MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background [System Run] * AutorunsDisabled * Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" CHotkey = mHotkey.exe * OptionalComponents * @ = -------------------- Protocols: [Pluggable MIME filters (9)] application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll text/xml = {807553E5-5146-11D5-A672-00B0D022E945} = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [Protocol handlers (25)] about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll livecall = {828030A1-22C1-4009-854F-8E305202313F} = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\system32\inetcomm.dll mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754} = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll msnim = {828030A1-22C1-4009-854F-8E305202313F} = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL mso-offdap11 = {32505114-5902-49B2-880A-1F7738E5A384} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll skype4com = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\system32\mshtml.dll tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\system32\wiascr.dll -------------------- WOW compatibility: cmdline = C:\WINDOWS\system32\ntvdm.exe wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386 [KnownDlls (16-bit) (40)] avicap.dll avifile.dll comm.drv commdlg.dll compobj.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mapi.dll mciavi.drv mciseq.drv mciwave.drv mmsystem.dll mouse.drv msacm.dll msvideo.dll netapi.dll ole2.dll ole2disp.dll ole2nls.dll olecli.dll olesvr.dll pmspl.dll progman.exe rasapi16.dll shell.dll sound.drv storage.dll system.drv timer.drv toolhelp.dll typelib.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe [KnownDlls (32-bit) (20)] advapi32.dll comdlg32.dll gdi32.dll imagehlp.dll kernel32.dll lz32.dll ole32.dll oleaut32.dll olecli32.dll olecnv32.dll olesvr32.dll olethk32.dll rpcrt4.dll shell32.dll url.dll urlmon.dll user32.dll version.dll wininet.dll wldap32.dll -------------------- ShellServiceObjectDelayLoad: [All users (5)] CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll -------------------- SharedTaskScheduler (2): Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\system32\browseui.dll Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\system32\browseui.dll -------------------- Winsock LSP: [Protocols (17)] MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll MSAFD nwlnkipx [IPX] - {11058240-BE47-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD nwlnkspx [SPX] - {11058241-BE47-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD nwlnkspx [SPX] [Pseudo Stream] - {11058241-BE47-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD nwlnkspx [SPX II] - {11058241-BE47-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD nwlnkspx [SPX II] [Pseudo Stream] - {11058241-BE47-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll [Namespace Providers (4)] Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll NWLink IPX/SPX/NetBIOS Compatible Transport Protocol - {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\nwprovau.dll -------------------- Hijack points: [Reset web settings URLs] SearchAssistant = CustomizeSearch = START_PAGE_URL = SEARCH_PAGE_URL = MS_START_PAGE_URL = [Internet Explorer URLs] * This user * - Internet Explorer\Main (5) Default_Page_Url = http://www.yahoo.com/?fr=fp-yie8 Local Page = C:\WINDOWS\system32\blank.htm Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page = http://www.yahoo.com/?fr=fp-yie8 Window Title = Windows Internet Explorer provided by Yahoo! - Internet Explorer\Desktop\General (2) BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp * All users * - Internet Explorer\Main (6) Default_Page_Url = http://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_Url = http://go.microsoft.com/fwlink/?LinkId=54896 Local Page = C:\WINDOWS\system32\blank.htm Search Bar = http://www.google.com/ie Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 - Internet Explorer\Search (2) CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant = http://www.google.com/ie - Internet Explorer\AboutURLs (6) blank = res://mshtml.dll/blank.htm DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm NavigationCanceled = res://ieframe.dll/navcancl.htm NavigationFailure = res://ieframe.dll/navcancl.htm OfflineInformation = res://ieframe.dll/offcancl.htm PostNotCached = res://ieframe.dll/repost.htm [Default URL prefixes] default = http:// ftp = ftp:// gopher = gopher:// home = http:// mosaic = http:// www = http:// [Hosts file location] DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts -------------------- Protection & disabled items: [Hosts file (1)] * 127.0.0.1 * localhost [ActiveX killbits (228)] &Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (no name) - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll (no name) - {323C0F99-820A-4e0b-B714-57942C6D9678} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL (no name) - {53C74826-AB99-4D33-ACA4-3117F51D3788} - C:\WINDOWS\system32\SHELL32.dll (no name) - {6FBF8DD5-9E03-4af5-B779-FEBEF6754712} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL (no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL (no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\system32\clbcatex.dll (no name) - {F4C30BB5-D7FC-4d60-9D49-7C6B67C3592D} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL (no name) - {f5078f26-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll (no name) - {F5F545A6-39C4-40b5-814D-B45040A89FB5} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL (no name) - {F81CD990-910B-4bbf-9CB3-6A77F3D697B3} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL (no name) - {FEF10FA2-355E-4E06-9381-9B24D7F7CC88} - C:\WINDOWS\system32\SHELL32.dll 9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\Program Files\Movie Maker\wmm2ae.dll Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ATSC Tune Request Location Information - {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} - C:\WINDOWS\system32\msvidctl.dll Audio Renderers Collection Class - {C5702CCF-9B79-11D3-B654-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Data Services Feature Segment - {334125C0-77E5-11D3-B653-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuner Device Segment - {A2E3074E-6C3D-11D3-B653-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Analog Radio Tuning Space - {8A674B4C-1F63-11D3-B64C-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Analog TV Tuning Space - {8A674B4D-1F63-11D3-B64C-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model ATSC Channel Tune Request - {0369B4E6-45B6-11D3-B650-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model ATSC Component Type Class (Broadcast Substream Type) - {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model ATSC Tuning Space - {A2E30750-6C3D-11D3-B653-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Auxiliary Inputs Tuning Space - {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Channel Tune Request - {0369B4E5-45B6-11D3-B650-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Component Class(Broadcast Substream) - {59DC47A8-116C-11D3-9D8E-00C04F72D980} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Component Type Class (Broadcast Substream Type) - {823535A0-0318-11D3-9D8E-00C04F72D980} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB Cable Locator - {C531D9FD-9685-4028-8B68-6E1232079F1E} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB Satellite Locator - {1DF7D126-4050-47F0-A7CF-4C4CA9241333} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB Terrestrial Locator - {9CD64701-BDF3-4D14-8E03-F12983D86664} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB Tune Request - {15D6504A-5494-499C-886C-973C9E53B9F1} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB Tuning Space - {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model DVB-Satellite Tuning Space - {B64016F3-C9A2-4066-96F0-BD9563314726} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model Language Component Type Class (Broadcast Substream Type) - {1BE49F30-0E1B-11D3-9D8E-00C04F72D980} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model MPEG2 Component Class (Broadcast Substream) - {055CB2D7-2969-45CD-914B-76890722F112} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model MPEG2 Component Type Class (Broadcast Substream Type) - {418008F3-CF67-4668-9628-10DC52BE1D08} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model MPEG2 Tune Request - {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} - C:\WINDOWS\system32\msvidctl.dll BDA Tuning Model MPEG2 Tune Request Factory - {2C63E4EB-4CEA-41B8-919C-E947EA19A77C} - C:\WINDOWS\system32\msvidctl.dll Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\system32\inetcfg.dll CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\system32\msoeacct.dll CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\system32\diactfrm.dll Collection of all the available BDA Tuning Model Tuning Space objects on this system - {D02AAC50-027E-11D3-9D8E-00C04F72D980} - C:\WINDOWS\system32\msvidctl.dll Collection of BDA Tuning Model Component Types(Broadcast Substream Types) - {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} - C:\WINDOWS\system32\msvidctl.dll CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\system32\msdtctm.dll Developer Tools - {8FE85D00-4647-40B9-87E4-5EB8A52F4759} - C:\Program Files\Internet Explorer\iedvtool.dll DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll Dutch_Dutch Stemmer Resources - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll Encoder Feature Segment - {BB530C63-D9DF-4B49-9439-63453962E598} - C:\WINDOWS\system32\msvidctl.dll English_UK Stemmer Resources - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll English_US Stemmer Resources - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll Features Collection Class - {C5702CD0-9B79-11D3-B654-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll File Playback Device Segment - {37B0353C-A4C8-11D2-B634-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll Free Threaded XML DOM Document 2.6 - {f5078f1c-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll French_French Stemmer Resources - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\system32\msieftp.dll Generic Sink Segment - {4A5869CF-929D-4040-AE03-FCAFC5B9CD42} - C:\WINDOWS\system32\msvidctl.dll German_German Stemmer Resources - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\h323msp.dll HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\system32\hhctrl.ocx HTML Inline Movie Control - {8422DAE7-9929-11CF-B8D3-004033373DA8} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX HTML Inline Sound Control - {8422DAE3-9929-11CF-B8D3-004033373DA8} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\system32\query.dll Input Devices Collection Class - {C5702CCC-9B79-11D3-B654-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\system32\asctrls.ocx IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\confmsp.dll Italian_Italian Stemmer Resources - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll Legacy Analog TV Tuner Device Segment - {1C15D484-911D-11D2-B632-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll LW Identities - {A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} - C:\WINDOWS\system32\msident.dll Marquee Control - {250770f3-6af2-11cf-a915-008029e31fcd} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMARQ.OCX MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\system32\msconf.dll Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll Microsoft Animation Control 6.0 (SP4) - {B09DE715-87C1-11D1-8BE3-0000F8754DA1} - C:\WINDOWS\system32\mscomct2.ocx Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\ieframe.dll Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtml.dll Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll Microsoft ImageComboBox Control 6.0 (SP6) - {DD9DA666-8594-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft ImageList Control 6.0 (SP6) - {2C247F23-8591-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll Microsoft ListView Control 6.0 (SP6) - {996BF5E0-8044-4650-ADEB-0B013914E99C} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft ListView Control 6.0 (SP6) - {BDD1F04B-858B-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\Program Files\Movie Maker\wmm2fxa.dll Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\Program Files\Movie Maker\wmm2fxa.dll Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\system32\mp4sds32.ax Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\system32\msadds32.ax Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll Microsoft Office Data Source Control 11.0 - {0002E55B-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL Microsoft Office Free/Busy Registration - {f28d867a-ddb1-11d3-b8e8-00a0c981aeeb} - C:\PROGRA~1\MICROS~2\OFFICE11\MSOSVFBR.DLL Microsoft Office Outlook View Control - {0006F063-0000-0000-C000-000000000046} - C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL Microsoft Office Record Navigation Control 11.0 - {0002E55C-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL Microsoft Office Spreadsheet 11.0 - {0002E559-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL Microsoft ProgressBar Control 6.0 (SP6) - {35053A22-8589-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft Rich Textbox Control 6.0 (SP4) - {3B7C8860-D78F-101B-B9B5-04021C009402} - C:\WINDOWS\system32\RichTx32.ocx Microsoft Slider Control 6.0 (SP6) - {F08DF954-8592-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft StatusBar Control 6.0 (SP6) - {8E3867A3-8586-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft TabStrip Control 6.0 (SP6) - {1EFB6596-857C-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft Toolbar Control 6.0 (SP6) - {66833FE6-8583-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft TreeView Control 6.0 (SP6) - {9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft TreeView Control 6.0 (SP6) - {C74190B6-8589-11D1-B16A-00C0F0283628} - C:\WINDOWS\system32\MSCOMCTL.OCX Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\system32\wbem\wbemess.dll MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\system32\devenum.dll MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\system32\amstream.dll Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\Program Files\Movie Maker\wmm2fxa.dll Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\Program Files\Movie Maker\wmm2fxa.dll Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\Program Files\Movie Maker\wmm2fxa.dll Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\Program Files\Movie Maker\wmm2fxa.dll MS TV Video Control - {B0EDF163-910A-11D2-B632-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll MS Video Control Closed Captioning Feature Segment - {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} - C:\WINDOWS\system32\msvidctl.dll MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\system32\wavemsp.dll MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\Program Files\Movie Maker\wmm2fxb.dll Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\OUTLLIB.DLL Output Devices Collection Class - {C5702CCD-9B79-11D3-B654-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\system32\dxtmsft.dll RefEdit.Ctrl - {00024512-0000-0000-C000-000000000046} - C:\Program Files\Microsoft Office\OFFICE11\REFEDIT.DLL RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\system32\regwizc.dll SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\system32\wiascr.dll Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\system32\sdpblb.dll Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll Spanish_Modern Stemmer Resources - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll SpSharedRecoContext Class - {47206204-5ECA-11D2-960F-00C04F8EE628} - C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll SpSharedRecognizer Class - {3BEE4890-4FE9-4A37-8C1E-5E7E12791C1F} - C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll Standard Audio Renderer Device Segment - {37B03544-A4C8-11D2-B634-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll Standard Video Renderer Device Segment - {37B03543-A4C8-11D2-B634-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll Stream Buffer Recording Control Object - {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} - C:\WINDOWS\system32\msvidctl.dll Stream Buffer Sink Segment - {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} - C:\WINDOWS\system32\msvidctl.dll Stream Buffer Source - {AD8E510D-217F-409B-8076-29C5E73B98E8} - C:\WINDOWS\system32\msvidctl.dll Swedish_Default Stemmer Resources - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\system32\sysmon.ocx SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\system32\msdtctm.dll Toolbar Extension for Executable - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\WINDOWS\system32\shdocvw.dll Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtml.dll Utility Object for Binding Events SubObjects in Script Variables - {577FAA18-4518-445E-8F70-1473F8CF4BA4} - C:\WINDOWS\system32\msvidctl.dll VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll Video Renderers Collection Class - {C5702CCE-9B79-11D3-B654-00C04F79498E} - C:\WINDOWS\system32\msvidctl.dll VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\system32\qdvd.dll VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\system32\wbem\wbemdisp.dll WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\system32\wbem\wmiprov.dll WebDVD Adminitration class - {FA7C375B-66A7-4280-879D-FD459C84BB02} - C:\WINDOWS\system32\msvidctl.dll WebDVD Device Segment - {011B3619-FE63-4814-8A84-15A194CE9CE3} - C:\WINDOWS\system32\msvidctl.dll WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\system32\fsusd.dll WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\system32\camocx.dll Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\system32\wmv8ds32.ax Windows Script Host Shell Object - {72C24DD5-D70A-438B-8A42-98424B88AFB8} - C:\WINDOWS\system32\wshom.ocx Windows Script Host Shell Object - {F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} - C:\WINDOWS\system32\wshom.ocx WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\system32\wbem\wbemads.dll WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll XDS Feature Segment - {0149EEDF-D08F-4142-8D73-D23903D21E90} - C:\WINDOWS\system32\msvidctl.dll XML Data Source Object 2.6 - {f5078f1f-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML Document 2.6 - {f5078f22-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML Document 2.6 - {f5078f28-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML DOM Document 2.6 - {f5078f1b-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML HTTP 2.6 - {f5078f1e-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML Moniker 2.6 - {f5078f29-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML Parser 2.6 - {f5078f20-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XML Schema Cache 2.6 - {f5078f1d-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll XSL Template 2.6 - {f5078f21-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll [Zones] * This user * - Restricted sites (94) 157.238.62.14 193.125.201.50 194.187.45.55 194.187.45.55 195.225.*.* 195.255.177.28 195.95.*.* 202.67.220.248 205.177.*.* 205.188.*.* 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.195.*.* 216.195.44.106 216.239.*.* 216.255.179.234 216.65.3.68 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.*.* 66.230.138.44 66.230.175.129 66.235.*.* 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.*.* 69.31.*.* 69.31.131.82 69.31.81.82 69.50.*.* 69.50.171.122 70.84.*.* 81.177.3.175 81.9.3.* 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.*.* 82.179.*.* 82.179.170.11 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.*.* 85.255.117.157 85.255.117.243 * All users * - Restricted sites (77) 157.238.62.14 193.125.201.50 194.187.45.55 195.255.177.28 202.67.220.248 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.195.44.106 216.255.179.234 216.65.3.68 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.138.44 66.230.175.129 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.131.82 69.31.81.82 69.50.171.122 81.177.3.175 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.170.11 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.117.157 85.255.117.243 [MSConfig XP (3)] FaxCenterServer = "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Stopped/disabled NT Services] * Stopped (44) * .NET Runtime Optimization Service v2.0.50727_X86 = c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe COM+ Event System = C:\WINDOWS\system32\svchost.exe -k netsvcs COM+ System Application = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs Google Update Service (gupdatem) = "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter IMAPI CD-Burning COM Service = C:\WINDOWS\system32\imapi.exe Indexing Service = C:\WINDOWS\system32\cisvc.exe InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com lxcg_device = C:\WINDOWS\system32\lxcgcoms.exe -service Mozilla Maintenance Service = "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" MS Software Shadow Copy Provider = C:\WINDOWS\system32\dllhost.exe /Processid:{63C33B1B-E9A2-4399-8C21-F59FA31488FA} Net Logon = C:\WINDOWS\system32\lsass.exe NetMeeting Remote Desktop Sharing = C:\WINDOWS\system32\mnmsrvc.exe Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs Network Location Awareness (NLA) = C:\WINDOWS\system32\svchost.exe -k netsvcs Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs NT LM Security Support Provider = C:\WINDOWS\system32\lsass.exe Office Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs QoS RSVP = C:\WINDOWS\system32\rsvp.exe Remote Access Auto Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs Remote Access Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe Remote Procedure Call (RPC) Locator = C:\WINDOWS\system32\locator.exe Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs Smart Card = C:\WINDOWS\System32\SCardSvr.exe SSDP Discovery Service = C:\WINDOWS\system32\svchost.exe -k LocalService Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe Universal Plug and Play Device Host = C:\WINDOWS\system32\svchost.exe -k LocalService Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe Windows CardSpace = "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Windows Installer = C:\WINDOWS\system32\msiexec.exe /V Windows Media Player Network Sharing Service = "C:\Program Files\Windows Media Player\WMPNetwk.exe" Windows Presentation Foundation Font Cache 3.0.0.0 = c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe WMI Performance Adapter = C:\WINDOWS\system32\wbem\wmiapsrv.exe * Stopped & disabled (12) * Adobe Flash Player Update Service = C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Alerter = C:\WINDOWS\system32\svchost.exe -k LocalService Background Intelligent Transfer Service = C:\WINDOWS\system32\svchost.exe -k netsvcs ClipBook = C:\WINDOWS\system32\clipsrv.exe Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs Fax = C:\WINDOWS\system32\fxssvc.exe getPlus(R) Helper = C:\WINDOWS\System32\svchost.exe -k getPlusHelper Messenger = C:\WINDOWS\system32\svchost.exe -k netsvcs Net.Tcp Port Sharing Service = "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" Network DDE = C:\WINDOWS\system32\netdde.exe Network DDE DSDM = C:\WINDOWS\system32\netdde.exe Routing and Remote Access = C:\WINDOWS\system32\svchost.exe -k netsvcs [Windows XP Security] * Security Center * - This user FirstRun = dword: 1 - All users FirstRunDisabled = dword: 1 AntiVirusDisableNotify = dword: 0 FirewallDisableNotify = dword: 0 UpdatesDisableNotify = dword: 0 AntiVirusOverride = dword: 0 FirewallOverride = dword: 0 * System Restore * - All users DisableSR = dword: 0 CreateFirstRunRp = dword: 1 DSMin = dword: 200 DSMax = dword: 400 RPSessionInterval = dword: 0 RPGlobalInterval = dword: 86400 RPLifeInterval = dword: 7776000 CompressionBurst = dword: 60 TimerInterval = dword: 120 DiskPercent = dword: 12 ThawInterval = dword: 900 RestoreDiskSpaceError = dword: 0 RestoreStatus = dword: 0 RestoreSafeModeStatus = dword: 0 ================================================== = Other users on this computer: Default user = ================================================== -------------------- Autostart folders: [Startup] desktop.ini [User Startup] desktop.ini -------------------- IniMapping values: User screensaver = logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) * NoDriveTypeAutoRun = dword: 145 CDRAutoRun = dword: 0 -------------------- Internet Explorer toolbars: [WebBrowser (2)] &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll -------------------- Internet Explorer menu extensions (6): &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html -------------------- Registry 'Run' keys: [User RunOnce] RunNarrator = Narrator.exe -------------------- Hijack points: [Internet Explorer URLs] * Internet Explorer\Main (2) * Search Bar = http://www.google.com/ie Search Page = http://www.google.com * Internet Explorer\SearchURL (1) * (Default) = http://www.google.com/keyword/%s -------------------- Protection & disabled items: [Zones] * Restricted sites (95) * 157.238.62.14 193.125.201.50 194.187.45.55 194.187.45.55 195.225.*.* 195.255.177.28 195.95.*.* 202.67.220.248 205.177.*.* 205.188.*.* 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.195.*.* 216.195.44.106 216.239.*.* 216.255.179.234 216.65.3.68 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.*.* 66.230.138.44 66.230.175.129 66.235.*.* 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.*.* 69.31.*.* 69.31.131.82 69.31.81.82 69.50.*.* 69.50.171.122 70.84.*.* 81.177.3.175 81.9.3.* 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.*.* 82.179.*.* 82.179.170.11 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.*.* 85.255.117.157 85.255.117.243 ================================================== = Other users on this computer: LOCAL SERVICE = ================================================== -------------------- Autostart folders: [User Startup] desktop.ini -------------------- IniMapping values: User screensaver = C:\WINDOWS\System32\logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Hijack points: [Internet Explorer URLs] * Internet Explorer\Main (1) * Search Bar = http://www.google.com/ie -------------------- Protection & disabled items: [Zones] * Restricted sites (79) * 157.238.62.14 193.125.201.50 194.187.45.55 194.187.45.55 195.225.*.* 195.95.*.* 202.67.220.248 205.177.*.* 205.188.*.* 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.195.*.* 216.195.44.106 216.239.*.* 216.255.179.234 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.197.100.83 66.230.*.* 66.230.138.44 66.235.*.* 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 69.31.*.* 69.31.*.* 69.31.131.82 69.31.81.82 69.50.*.* 69.50.171.122 70.84.*.* 81.177.3.175 81.9.3.* 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.*.* 82.179.*.* 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.*.* 85.255.117.157 85.255.117.243 ================================================== = Other users on this computer: NETWORK SERVICE = ================================================== -------------------- Autostart folders: [User Startup] desktop.ini -------------------- IniMapping values: User screensaver = C:\WINDOWS\System32\logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) * NoDriveTypeAutoRun = dword: 145 -------------------- Hijack points: [Internet Explorer URLs] * Internet Explorer\Main (1) * Search Bar = http://www.google.com/ie -------------------- Protection & disabled items: [Zones] * Restricted sites (94) * 157.238.62.14 193.125.201.50 194.187.45.55 194.187.45.55 195.225.*.* 195.255.177.28 195.95.*.* 202.67.220.248 205.177.*.* 205.188.*.* 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.195.*.* 216.195.44.106 216.239.*.* 216.255.179.234 216.65.3.68 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.*.* 66.230.138.44 66.230.175.129 66.235.*.* 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.*.* 69.31.*.* 69.31.131.82 69.31.81.82 69.50.*.* 69.50.171.122 70.84.*.* 81.177.3.175 81.9.3.* 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.*.* 82.179.*.* 82.179.170.11 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.*.* 85.255.117.157 85.255.117.243 ================================================== = Other users on this computer: SYSTEM = ================================================== -------------------- Autostart folders: [Startup] desktop.ini [User Startup] desktop.ini -------------------- IniMapping values: User screensaver = logon.scr -------------------- Policies: [Alternate policies] * Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) * NoDriveTypeAutoRun = dword: 145 CDRAutoRun = dword: 0 -------------------- Internet Explorer toolbars: [WebBrowser (2)] &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll -------------------- Internet Explorer menu extensions (6): &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html -------------------- Registry 'Run' keys: [User RunOnce] RunNarrator = Narrator.exe -------------------- Hijack points: [Internet Explorer URLs] * Internet Explorer\Main (2) * Search Bar = http://www.google.com/ie Search Page = http://www.google.com * Internet Explorer\SearchURL (1) * (Default) = http://www.google.com/keyword/%s -------------------- Protection & disabled items: [Zones] * Restricted sites (95) * 157.238.62.14 193.125.201.50 194.187.45.55 194.187.45.55 195.225.*.* 195.255.177.28 195.95.*.* 202.67.220.248 205.177.*.* 205.188.*.* 205.209.152.121 205.209.178.251 205.209.179.37 206.161.124.98 206.161.207.102 207.226.162.34 207.226.164.171 207.226.164.195 208.64.26.150 209.66.114.130 209.66.122.203 213.131.225.2 213.21.215.186 216.152.240.10 216.152.240.13 216.152.240.14 216.152.240.16 216.195.*.* 216.195.44.106 216.239.*.* 216.255.179.234 216.65.3.68 221.130.176.199 222.208.183.14 24.244.71.239 59.36.96.132 61.129.75.124 62.4.84.172 62.4.84.173 62.4.84.215 62.93.229.216 64.111.210.10 64.124.222.176 64.124.84.191 64.28.184.5 64.62.171.141 65.19.154.90 65.75.151.192 66.117.14.138 66.117.37.7 66.197.100.83 66.197.138.235 66.230.*.* 66.230.138.44 66.230.175.129 66.235.*.* 66.246.209.224 66.246.209.225 66.250.107.100 66.250.107.101 66.250.107.99 66.250.130.194 66.250.170.107 66.250.57.26 66.250.57.27 66.250.57.28 66.250.74.150 66.40.16.198 69.31.*.* 69.31.*.* 69.31.131.82 69.31.81.82 69.50.*.* 69.50.171.122 70.84.*.* 81.177.3.175 81.9.3.* 81.95.146.147 81.95.146.186 81.95.146.204 81.95.146.204 81.95.146.206 81.95.147.107 81.95.148.188 82.146.60.36 82.179.*.* 82.179.*.* 82.179.170.11 82.179.170.82 82.98.235.57 82.98.235.61 85.249.22.240 85.255.*.* 85.255.117.157 85.255.117.243 ================================================== = Other hardware configurations: Last known good = ================================================== -------------------- On-reboot actions: BootExecute = autocheck autochk * -------------------- Services: [NT Services (42)] AOL Connectivity Service = "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" AOL TopSpeed Monitor = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs AVG WatchDog = "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" AVGIDSAgent = "C:\Program Files\AVG\AVG2013\avgidsagent.exe" Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService Event Log = C:\WINDOWS\system32\services.exe Google Update Service (gupdate) = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs IPSEC Services = C:\WINDOWS\system32\lsass.exe Java Quick Starter = "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" MSCamSvc = "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" Plug and Play = C:\WINDOWS\system32\services.exe Print Spooler = C:\WINDOWS\system32\spoolsv.exe Protected Storage = C:\WINDOWS\system32\lsass.exe Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs Security Accounts Manager = C:\WINDOWS\system32\lsass.exe Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs Server = C:\WINDOWS\system32\svchost.exe -k netsvcs Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs Upload Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs Windows Driver Foundation - User-mode Driver Framework = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs [SafeBoot services (Minimal boot)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * AVG Anti-Spyware Driver dmboot.sys dmio.sys dmload.sys sermouse.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter PCI Configuration PNP Filter Primary disk SCSI Class System Bus Extender * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AppMgmt AVG Anti-Spyware Guard CryptSvc DcomLaunch dmadmin dmserver EventLog HelpSvc Netlogon PlugPlay RpcSs SRService vds WinMgmt * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} * Volume shadow copy * {533C5B84-EC70-11D2-9505-00C04F79DEAF} [SafeBoot services (Minimal boot + network support)] * CD-ROM Drive * {4D36E965-E325-11CE-BFC1-08002BE10318} * DiskDrive * {4D36E967-E325-11CE-BFC1-08002BE10318} * Driver * AVG Anti-Spyware Driver dmboot.sys dmio.sys dmload.sys ip6fw.sys ipnat.sys rdpcdd.sys rdpdd.sys rdpwd.sys sermouse.sys tdpipe.sys tdtcp.sys vga.sys vgasave.sys * Driver Group * Base Boot Bus Extender Boot file system File system Filter NDIS NDIS Wrapper NetBIOSGroup NetDDEGroup Network NetworkProvider PCI Configuration PNP Filter PNP_TDI Primary disk SCSI Class Streams Drivers System Bus Extender TDI * Floppy disk drive * {4D36E980-E325-11CE-BFC1-08002BE10318} * FSFilter System Recovery * sr.sys * Hdc * {4D36E96A-E325-11CE-BFC1-08002BE10318} * Human Interface Devices * {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} * Keyboard * {4D36E96B-E325-11CE-BFC1-08002BE10318} * Mouse * {4D36E96F-E325-11CE-BFC1-08002BE10318} * Net * {4D36E972-E325-11CE-BFC1-08002BE10318} * NetClient * {4D36E973-E325-11CE-BFC1-08002BE10318} * NetService * {4D36E974-E325-11CE-BFC1-08002BE10318} * NetTrans * {4D36E975-E325-11CE-BFC1-08002BE10318} * PCMCIA Adapters * {4D36E977-E325-11CE-BFC1-08002BE10318} * SCSIAdapter * {4D36E97B-E325-11CE-BFC1-08002BE10318} * Service * AFD AppMgmt AVG Anti-Spyware Guard Browser CryptSvc DcomLaunch Dhcp dmadmin dmserver DnsCache EventLog HelpSvc LanmanServer LanmanWorkstation LmHosts Messenger Ndisuio NetBIOS NetBT Netlogon NetMan NtLmSsp PlugPlay rdsessmgr RpcSs SharedAccess SRService Tcpip termservice vsmon WinMgmt WZCSVC * Standard floppy disk controller * {4D36E969-E325-11CE-BFC1-08002BE10318} * System * {4D36E97D-E325-11CE-BFC1-08002BE10318} * Universal Serial Bus controllers * {36FC9E60-C465-11CF-8056-444553540000} * Volume * {71A27CDD-812A-11D0-BEC7-08002BE2092F} [SafeBoot: Alternate shell] cmd.exe (not enabled) -------------------- Driver filters: [Class filters] * Infrared devices * - Upper filters IRENUM.sys * Medium Changers * - Upper filters GEARAspiWDM.sys * Storage volumes * - Upper filters VolSnap.sys * Tape drives * - Upper filters GEARAspiWDM.sys [Device filters] * CD-ROM Drive * - Upper filters redbook.sys - Lower filters imapi.sys * Communications Port * - Upper filters serenum.sys * Direct Parallel * - Lower filters PtiLink.sys * Microsoft LifeCam VX-5000 * - Lower filters MSHUSBVideo.sys * Microsoft LifeCam VX-5000 * - Lower filters MSHUSBVideo.sys * SoftV92 Data Fax Modem with SmartCP * - Lower filters HSFHWBS2.sys HSF_DP.sys winachsf.sys * Terminal Server Keyboard Driver * - Upper filters kbdclass.sys * Terminal Server Mouse Driver * - Upper filters mouclass.sys * USB Mass Storage Device * - Lower filters Sunkfilt.sys * WAN Miniport (IP) * - Lower filters NdisTapi.sys * WAN Miniport (PPPOE) * - Lower filters NdisTapi.sys * WAN Miniport (PPTP) * - Lower filters NdisTapi.sys -------------------- Print monitors (9): 2300 Series Port - lxcglmpm.DLL BJ Language Monitor - cnbjmon.dll Lexmark Print-2-Fax Port - LXPRMON.DLL Local Port - localspl.dll Microsoft Document Imaging Writer Monitor - mdimon.dll Microsoft Shared Fax Monitor - FXSMON.DLL PJL Language Monitor - pjlmon.dll Standard TCP/IP Port - tcpmon.dll USB Monitor - usbmon.dll -------------------- WOW compatibility: cmdline = C:\WINDOWS\system32\ntvdm.exe wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386 [KnownDlls (16-bit) (40)] avicap.dll avifile.dll comm.drv commdlg.dll compobj.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mapi.dll mciavi.drv mciseq.drv mciwave.drv mmsystem.dll mouse.drv msacm.dll msvideo.dll netapi.dll ole2.dll ole2disp.dll ole2nls.dll olecli.dll olesvr.dll pmspl.dll progman.exe rasapi16.dll shell.dll sound.drv storage.dll system.drv timer.drv toolhelp.dll typelib.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe [KnownDlls (32-bit) (20)] advapi32.dll comdlg32.dll gdi32.dll imagehlp.dll kernel32.dll lz32.dll ole32.dll oleaut32.dll olecli32.dll olecnv32.dll olesvr32.dll olethk32.dll rpcrt4.dll shell32.dll url.dll urlmon.dll user32.dll version.dll wininet.dll wldap32.dll -------------------------------------------------- End of report, 171,359 bytes Commandline options: /showempty - Show empty sections /showcmts - Show comments in .bat files /noshowclsids - Hide class IDs /noshowprivate - Hide usernames and computer name /noshowusers - Hide entries from other users /noshowhardware - Hide entries from other hardware configurations /showlargehosts - Show hosts file even when more than 1000 lines are in it /showlargezones - Show Zones even when more than 1000 domains are in them /autosave - Run hidden, automatically save a report and quit /autosavepath: - Specify where to save log, when using /autosave. Use surrounding quotes for paths with spaces.