S\System32\wbem\framedyn.dll
C:\WINDOWS\System32\wbem\wbemcomn.dll
C:\WINDOWS\System32\wbem\wbemprox.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[C:\WINDOWS\system32\wdfmgr.exe (20)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\WINTRUST.dll
[C:\WINDOWS\system32\winlogon.exe (70)]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WgaLogon.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[C:\WINDOWS\TEMP\FAAE55.EXE (21)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
--------------------
Autostart folders:
[Startup (1)]
desktop.ini
[User Startup (1)]
desktop.ini
[Common Startup (2)]
Bluetooth Manager.lnk
desktop.ini
[User Common Startup (2)]
Bluetooth Manager.lnk
desktop.ini
--------------------
IniMapping values:
System NT shell = Explorer.exe
User screensaver = C:\WINDOWS\System32\ssbezier.scr
--------------------
Autostarting batch files:
[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3
[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40
--------------------
On-reboot actions:
[Wininit.ini]
[Rename]
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=C:\DOCUME~1\PGRATZ~1\LOCALS~1\Temp\VIES6808
BootExecute = autocheck autochk *
--------------------
Shell commands:
.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\System32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*
--------------------
Services:
[NT Services (53)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
Automatic Updates = C:\WINDOWS\System32\svchost.exe -k netsvcs
Bluetooth Support Service = C:\WINDOWS\system32\svchost.exe -k bthsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
EvtEng = C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IIS Admin = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Indexing Service = C:\WINDOWS\System32\cisvc.exe
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Net Logon = C:\WINDOWS\System32\lsass.exe
OfficeScanNT Listener = C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
OfficeScanNT Personal Firewall = C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
OfficeScanNT RealTime Scan = C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
RegSrvc = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Simple Mail Transfer Protocol (SMTP) = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Spectrum24 Event Monitor = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search Service = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WLANKEEPER = C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs
World Wide Web Publishing = C:\WINDOWS\system32\inetsrv\inetinfo.exe
[VxD Services (1)]
JAVASUP = JAVASUP.VXD
[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}
* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}
* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys
* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender
* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}
* FSFilter System Recovery *
sr.sys
* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}
* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}
* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}
* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}
* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}
* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt
* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}
* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}
* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}
* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}
* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}
* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys
* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI
* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}
* FSFilter System Recovery *
sr.sys
* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}
* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}
* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}
* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}
* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}
* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}
* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}
* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}
* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}
* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC
* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}
* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}
* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}
* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
[SafeBoot: Alternate shell]
cmd.exe (not enabled)
--------------------
Driver filters:
[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys
- Lower filters
drvmcdb.sys
* DVD/CD-ROM drives *
- Lower filters
PxHelp20.sys
drvmcdb.sys
sscdbhk5.sys
* Infrared devices *
- Upper filters
IRENUM.sys
* Keyboards *
- Upper filters
kbdclass.sys
* Mice and other pointing devices *
- Upper filters
mouclass.sys
* Storage volumes *
- Upper filters
VolSnap.sys
* Tape drives *
- Lower filters
drvmcdb.sys
PxHelp20.sys
[Device filters]
* Alps Touch Pad *
- Upper filters
ApfiltrService.sys
* Bluetooth Device (RFCOMM Protocol TDI) *
- Upper filters
BthEnum.sys
* CD-ROM Drive *
- Upper filters
redbook.sys
* CD-ROM Drive *
- Upper filters
redbook.sys
- Lower filters
imapi.sys
* CD-ROM Drive *
- Upper filters
redbook.sys
- Lower filters
imapi.sys
* CD-ROM Drive *
- Upper filters
redbook.sys
- Lower filters
imapi.sys
* Conexant D110 MDC V.92 Modem *
- Lower filters
HSFHWICH.sys
HSF_DPV.sys
winachsf.sys
* Direct Parallel *
- Lower filters
PtiLink.sys
* Microsoft USB Wheel Mouse Optical (IntelliPoint) *
- Upper filters
Point32.sys
* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys
* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys
* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys
* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys
* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys
* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys
* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys
--------------------
Print monitors (8):
BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
Microsoft Office Live Meeting Document Writer Monitor - lmdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
Toshiba Bluetooth Monitor - tbtmon.dll
USB Monitor - usbmon.dll
--------------------
WinLogon autoruns:
UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
[Notify (12)]
AtiExtEvent = Ati2evxx.dll
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
IntelWireless = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll
[Group policy extensions (12)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll
--------------------
Policies:
[This user]
* Primary policies *
- Software\Policies\Microsoft\Cryptography\AutoEnrollment (1)
AEPolicy = dword: 7
- Software\Policies\Microsoft\Windows\Installer (1)
AlwaysInstallElevated = dword: 1
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145
[All users]
* Primary policies *
- Software\Policies\Microsoft\Messenger\Client (1)
DisablePawn = dword: 1
- Software\Policies\Microsoft\Windows\Installer (2)
EnableAdminTSRemote = dword: 1
AlwaysInstallElevated = dword: 1
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecID = {3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecID = {f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecID = {fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7} (6)
ClassName = ipsecNFA
name = ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7}
ipsecID = {047c4095-df6e-4afb-b492-9c767be510b7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5} (8)
ClassName = ipsecNFA
name = ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7} (6)
ClassName = ipsecNFA
name = ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecID = {3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8} (8)
ClassName = ipsecNFA
name = ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b} (8)
ClassName = ipsecNFA
name = ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b} (8)
ClassName = ipsecNFA
name = ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c} (6)
ClassName = ipsecNFA
name = ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecID = {d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771
- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0
- Software\Policies\Microsoft\Windows NT\Printers (1)
PhysicalLocationSupport = dword: 1
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (4)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32
{B73A057F-DC1B-4067-9D8E-B69A07A7C368} = dword: 1
- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1
--------------------
Browser Helper Objects (5):
Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar1.dll
PCTools Browser Monitor = {B56A7D7D-6927-48C8-A975-17DF180C71AC} = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
PCTools Site Guard = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
--------------------
ActiveX objects (13):
BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
--------------------
Internet Explorer toolbars:
[This user]
* ShellBrowser (2) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
* WebBrowser (3) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
--------------------
Internet Explorer buttons/tools (3):
Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
@C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
--------------------
Internet Explorer menu extensions:
[This user (2)]
Add to Windows &Live Favorites -
http://favorites.liv...m/quickadd.aspxE&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
--------------------
Internet Explorer Bands (8):
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
&Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
--------------------
Downloaded Program Files (14):
Microsoft XML Parser for Java - Microsoft XML Parser for Java - (no file) - file://C:\WINDOWS\Java\classes\xmldso.cab
Office Genuine Advantage Validation Tool - {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - C:\WINDOWS\system32\OGACheckControl.DLL -
http://go.microsoft....k/?linkid=58813OfficeScan Corp Edition Web-Deployment SetupINICtrl Class - {08D75BB0-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll -
https://sjc-fp02/off...ll/setupini.cabOfficeScan Corp Edition Web-Deployment SetupCtrl Class - {08D75BC1-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll -
https://sjc-fp02/off...stall/setup.cabMeet247 - Live Meeting - {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} - C:\WINDOWS\DOWNLO~1\OMCLML~1.OCX -
https://www.meet247....mLauncher43.ocxOffice Update Installation Engine - {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - C:\WINDOWS\opuc.dll -
http://office.micros...ntent/opuc3.cabMalicious Software Removal Tool - {4B48D5DF-9021-45F7-A240-60304302A215} - C:\WINDOWS\Downloaded Program Files\WebCleaner.dll -
http://download.micr.../WebCleaner.cabOfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class - {5EFE8CB1-D095-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll -
https://sjc-fp02/off.../RemoveCtrl.cabMUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll -
http://update.micros...b?1139421660718Microsoft Virtual Server VMRC Control - {7C896371-4B7F-4B34-95B1-24851F5DED24} - C:\WINDOWS\Downloaded Program Files\VMRCActiveXClient.dll -
http://localhost/Vir...tiveXClient.cabShockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx -
http://download.macr...ash/swflash.cabGpcContainer Class - {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -
https://emcsoftwareg...bex/ieatgpc.cabMcFreeScan Class - {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll -
http://download.mcaf...820/mcfscan.cabRSClientPrint Class - {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - C:\WINDOWS\Downloaded Program Files\RSClientPrint.dll -
http://localhost/Rep...OpType=PrintCab--------------------
URL search hooks:
[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll
--------------------
Explorer clones:
C:\WINDOWS\explorer.exe
--------------------
Image File Execution Options (1):
Your Image File Name Here without a path = ntsd -d
--------------------
ContextMenuHandlers:
[* (6)]
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[Drive (7)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\system32\Audiodev.dll
RecordNow! ContextMenuExt = {E91B2703-013E-4A99-AD33-2B6FB00AA356} = C:\Program Files\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
[Folder (2)]
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\System32\zipfldr.dll
[Directory (5)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[Directory\Background (1)]
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll
[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll
[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll
[AllFileSystemObjects (2)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
--------------------
ColumnHandlers (5):
(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
--------------------
ShellExecuteHooks (2):
URL Exec Hook = {56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll
--------------------
Approved Shell Extensions:
[All users (205)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} - {506F4668-F13E-4AA1-BB04-B43203AB3CC0} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} - {D66DC78C-4F61-447F-942B-3FB6980118CF} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\System32\occache.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Bluetooth - {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} - C:\WINDOWS\system32\TosBtExt.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\system32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\System32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\System32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\System32\appwiz.cpl
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\System32\browseui.dll
DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\System32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\System32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\System32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
IIS Shell Extension - {5a61f7a0-cde1-11cf-9113-00aa00425c62} - C:\WINDOWS\system32\inetsrv\w3ext.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\System32\appwiz.cpl
IntelliPoint Activities Control Panel Property Page - {653DCCC2-13DB-45B2-A389-427885776CFE} - "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
IntelliPoint Buttons Control Panel Property Page - {124597D8-850A-41AE-849C-017A4FA99CA2} - "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
IntelliPoint Wheel Control Panel Property Page - {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} - "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
IntelliPoint Wireless Control Panel Property Page - {20082881-FC36-4E47-9A7A-644C95FF749F} - "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
Maxtor Locked Drives - {7059DA7A-7E60-11d2-A355-00C04FB9D26E} - C:\WINDOWS\System32\MXONmSpace.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} -
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office12\msohev.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Shell Folder AutoComplet