Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

multiple iexplore.exe causing errors on startup

Started by peterg99 , Aug 31 2006 11:05 AM

  • Please log in to reply

#1
peterg99
Posted 31 August 2006 - 11:05 AM

peterg99

    Member

  • Member
  • PipPip
  • 19 posts
Well, it started with multiple IE windows popping up unexpectedly. I have tried various fixes I could find and probably made it worse :whistling:
Now, on re-boot, 6 -9 iexplore.exe run briefly, then error out with “The instruction at “0x1009397e” referenced memory at “0x015fc3e8”. The memory could not be “read”. Click OK to terminate the program.” (The addresses vary slightly.)
I have SpyDoctor running and Trend Micro OfficeScan (courtesy of my employer). I regularly run Windows updates including the malware removal one. I have run several other tools, including the scf scan for Windows. None reported any malware.
The only “positive find” – that I do not know what it means - comes from sysinternals RootKitRevealer:
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 8/7/2006 8:47 PM 0 bytes Hidden from Windows API
I am posting my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:17:54 AM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\LZC2FC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/weather/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" -a
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ace.allincal.com
O15 - Trusted Zone: http://crm.allincal.com
O15 - Trusted Zone: http://*.labcrm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sjc-fp02/off...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sjc-fp02/off...stall/setup.cab
O16 - DPF: {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} (Meet247 - Live Meeting) - https://www.meet247....mLauncher43.ocx
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sjc-fp02/off.../RemoveCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139421660718
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://localhost/Vir...tiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emcsoftwareg...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://localhost/Rep...OpType=PrintCab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Allincal.com
O17 - HKLM\Software\..\Telephony: DomainName = Allincal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Allincal.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Virtual Machine Helper (vmh) - Unknown owner - C:\Program Files\Microsoft Virtual Server\vmh.exe" -service (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Hope you can help me :blink:
  • 0

Advertisements

#2
Metallica
Posted 08 September 2006 - 08:45 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi peterg99,

The d347prt is part of the Device Driver for "Virtual DAEMON Tools" Virtual CD/DVD-ROM, but I want to check for Rootkits anyway.

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Regards,
  • 0

#3
peterg99
Posted 08 September 2006 - 11:20 AM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I don't think the Blacklight scan found anything. A slick product, though: I hope it is as effective as the UI implies :whistling:

09/08/06 08:34:32 [Info]: BlackLight Engine 1.0.46 initialized
09/08/06 08:34:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/08/06 08:34:32 [Note]: 7019 4
09/08/06 08:34:32 [Note]: 7005 0
09/08/06 08:34:38 [Note]: 7006 0
09/08/06 08:34:38 [Note]: 7011 4000
09/08/06 08:34:39 [Note]: 7026 0
09/08/06 08:34:39 [Note]: 7026 0
09/08/06 08:35:30 [Note]: FSRAW library version 1.7.1019
09/08/06 08:58:14 [Note]: 7007 0
  • 0

#4
Metallica
Posted 08 September 2006 - 12:13 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Never failed me sofar.
And I'm glad to say it doesn't show anything. :whistling:

I would like to do some weeding in your startups.
You do have quite a few that will start if and when you need them, so they don't have to be running all the time.
HijackThis make backups, so if I include anything you want to keep, we can put it back.


Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Then reboot and let me know if that is a big improvement.

Regards,
  • 0

#5
peterg99
Posted 08 September 2006 - 01:37 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I do not see an improvement, sorry. This is the log taken when the iexplore.exe's are running without my intervention. I opened the Task Manager. The processes you asked me to fix are gone as they better be :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:44 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\TEMP\WH6BC1.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/weather/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" -a
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe /startupscan
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ace.allincal.com
O15 - Trusted Zone: http://crm.allincal.com
O15 - Trusted Zone: http://*.labcrm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sjc-fp02/off...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sjc-fp02/off...stall/setup.cab
O16 - DPF: {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} (Meet247 - Live Meeting) - https://www.meet247....mLauncher43.ocx
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sjc-fp02/off.../RemoveCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139421660718
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://localhost/Vir...tiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emcsoftwareg...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://localhost/Rep...OpType=PrintCab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Allincal.com
O17 - HKLM\Software\..\Telephony: DomainName = Allincal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Allincal.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Virtual Machine Helper (vmh) - Unknown owner - C:\Program Files\Microsoft Virtual Server\vmh.exe" -service (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#6
Metallica
Posted 08 September 2006 - 01:55 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#7
peterg99
Posted 08 September 2006 - 02:30 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the log:

pgratzinger - 06-09-08 13:24:25.73
ComboFix 06.09.07 - Running from: C:\Documents and Settings\pgratzinger\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-08 to 2006-09-08 ))))))))))))))))))))))))))))))))))


2006-08-24 11:51 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-08-24 11:51 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-08-24 11:51 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-08-24 11:51 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-08-24 11:51 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-08-24 11:51 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-08-24 11:51 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-08-24 11:51 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-08-24 11:51 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-08-24 11:51 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-08-24 11:51 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-08-24 11:51 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-08-24 11:51 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-08-24 11:51 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-08-24 11:51 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-08-24 11:51 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-08-24 11:51 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-08-15 08:49 184,897 --a------ C:\WINDOWS\system32\atasnt40.dll
2006-08-09 20:20 117,760 --------- C:\WINDOWS\system32\xmllite.dll
2006-08-09 17:40 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-08 12:32 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-02 11:03 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Amescon
2006-08-31 17:38 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\IsolatedStorage
2006-08-31 08:27 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 07:38 -------- d-------- C:\Program Files\Amescon
2006-08-31 06:21 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-08-24 17:06 -------- d-------- C:\Program Files\ErrorKiller
2006-08-23 14:49 -------- d-------- C:\Program Files\Google
2006-08-23 14:20 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\JetBrains
2006-08-22 10:59 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-08-21 13:18 -------- d-------- C:\Program Files\Report Packs
2006-08-17 21:48 -------- d-------- C:\Program Files\Apoint
2006-08-17 20:56 -------- d---s---- C:\Documents and Settings\pgratzinger\Application Data\Microsoft
2006-08-17 16:18 -------- d-------- C:\Program Files\Windows Desktop Search
2006-08-17 11:03 -------- d-------- C:\Program Files\Microsoft Office
2006-08-17 11:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-17 11:02 -------- d-------- C:\Program Files\Microsoft Works
2006-08-17 10:55 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
2006-08-15 08:49 51392 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2006-08-14 21:58 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Adobe
2006-08-14 21:17 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\ProClarity
2006-08-14 21:16 -------- d-------- C:\Program Files\Common Files\ProClarity
2006-08-14 21:15 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-14 21:14 -------- d-------- C:\Program Files\ProClarity
2006-08-14 21:14 -------- d-------- C:\Program Files\Common Files\Software FX Shared
2006-08-14 21:14 -------- d-------- C:\Program Files\Common Files
2006-08-14 21:10 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-14 16:55 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\ICAClient
2006-08-14 16:51 -------- d-------- C:\Program Files\Citrix
2006-08-12 20:37 -------- d-------- C:\Program Files\Ultrapico
2006-08-12 09:55 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Ultrapico
2006-08-12 08:51 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\AdobeUM
2006-08-09 22:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 21:59 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\MSN6
2006-08-09 21:40 -------- d-------- C:\Program Files\Microsoft Beta Client
2006-08-09 21:39 -------- d-------- C:\Program Files\Microsoft File Transfer Manager
2006-08-09 18:57 -------- d-------- C:\Program Files\Windows Media Player
2006-08-09 17:47 -------- d-------- C:\Program Files\Registry Cleaner
2006-08-09 14:42 -------- d-------- C:\Program Files\Microsoft Visual SourceSafe
2006-08-09 12:25 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-08-09 10:15 -------- d-------- C:\Program Files\Sonic
2006-08-08 15:30 -------- d-------- C:\Program Files\Files Comparer
2006-08-08 10:38 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-08-08 09:49 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\PC Tools
2006-08-07 19:51 -------- d-------- C:\Program Files\Microsoft Office Communicator
2006-08-07 19:51 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-08-07 19:51 -------- d-------- C:\Program Files\D-Tools
2006-08-07 19:50 16897 --a------ C:\WINDOWS\MXOALDR.EXE
2006-08-05 10:58 -------- d-------- C:\Program Files\MSDN
2006-08-05 10:39 -------- d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2006-08-05 10:39 -------- d-------- C:\Program Files\Microsoft Device Emulator
2006-08-05 10:32 -------- d-------- C:\Program Files\MSBuild
2006-08-05 10:32 -------- d-------- C:\Program Files\HTML Help Workshop
2006-08-05 10:31 -------- d-------- C:\Program Files\Common Files\Merge Modules
2006-08-05 10:29 -------- d-------- C:\Program Files\CE Remote Tools
2006-08-04 09:33 -------- d-------- C:\Program Files\SQLXML 4.0
2006-08-04 09:33 -------- d-------- C:\Program Files\Microsoft Analysis Services
2006-08-02 08:02 -------- d-------- C:\Program Files\Microsoft Virtual Server
2006-08-01 21:26 -------- d-------- C:\Program Files\Microsoft Virtual PC
2006-07-27 14:22 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-27 14:05 -------- d-------- C:\Program Files\IFilterShop
2006-07-27 13:56 -------- d-------- C:\Program Files\Adobe
2006-07-27 13:53 -------- d-------- C:\Program Files\Lookout Software
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 09:51 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Google
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-17 18:04 46 --a------ C:\WINDOWS\system32\nett12.dll
2006-07-17 18:02 -------- d-------- C:\Program Files\Transcender
2006-07-13 17:47 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\CyberLink
2006-07-13 12:23 -------- d-------- C:\Program Files\WinZip
2006-07-12 19:03 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Macromedia
2006-07-11 12:09 -------- d-------- C:\Documents and Settings\pgratzinger\Application Data\Help
2006-07-11 08:03 -------- d-------- C:\Program Files\OfficeUpdate11
2006-07-10 16:38 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-07-10 12:10 -------- d-------- C:\Program Files\Windows Media Connect 2


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
"MXOBG"="C:\\WINDOWS\\MXOALDR.EXE"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"OfficeScanNT Monitor"="\"C:\\Program Files\\Trend Micro\\OfficeScan Client\\Pccntmon.exe\" -HideWindow"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"DWPersistentQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DWTRIG20.EXE\" -a"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Communicator"="\"C:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"HijackThis startup scan"="C:\\Documents and Settings\\pgratzinger\\My Documents\\Downloads\\sysinternals\\HijackThis.exe /startupscan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,8e,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="\"C:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="\"C:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless


Completion time: Fri 09/08/2006 13:25:52.98
ComboFix.txt
  • 0

#8
Metallica
Posted 08 September 2006 - 02:54 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. There is one file in that log that I don't recognize.

Can you surf to:
http://www.thespykil...x.php?topic=5.0

Follow the instructions there to upload:
C:\WINDOWS\system32\nett12.dll

Post back here with a link to the topic you started there, so i can find it.

Thanks,
  • 0

#9
peterg99
Posted 08 September 2006 - 03:25 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the link to the uploaded file:
http://www.thespykil...hp?topic=2533.0

Thanks!
  • 0

#10
Metallica
Posted 09 September 2006 - 05:58 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Got it, thanks.
Tiny and harmless.

Which leaves us with th etask to find out what starts the iexplore processes.

To Get StartupList:
  • Please download StartupList to your desktop.
  • Double click the startuplist.zip to extract the files inside.
  • When the new window opens, please double click on StartupList.exe
  • A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
  • At the top of the window, click File>Save As and save startuplist.txt to your desktop.
  • Close startuplist.exe window
  • Post a copy of startuplist.txt in your next reply
The file may not fit in one post. If that is true try attaching it or post the list in pieces spread over several posts.

Regards,
  • 0

Advertisements

#11
peterg99
Posted 09 September 2006 - 08:56 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Pieter,

I will attach the startup log presently but I first want to let you know that something has changed: I can still see the iexplorer.exe instances in the Task Manager but they do not error out, just go away after running briefly. I honestly do not know if that is good or bad, it is a bit creepy though as there is no browser window open and this could be happening without me ever knowing...

StartupList report, 9/9/2006, 7:07:03 PM
StartupList version 2.01.0
Started from: C:\Documents and Settings\pgratzinger\Desktop\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Logged on as 'pgratzinger' to 'ALLIN-1004'
* Using default options (see end of log for possible options)
==================================================

Running processes (50):

[C:\Documents and Settings\pgratzinger\Desktop\StartupList.exe (47)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\wbem\fastprox.dll
C:\WINDOWS\System32\wbem\wbemcomn.dll
C:\WINDOWS\System32\wbem\wbemdisp.dll
C:\WINDOWS\System32\wbem\wbemprox.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe (38)]
C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll
C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll
C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL
C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WinSCard.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll

[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (24)]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (58)]
C:\Program Files\Common Files\System\ado\msado15.dll
C:\Program Files\Common Files\System\msadc\msadce.dll
C:\Program Files\Common Files\System\msadc\msadcer.dll
C:\Program Files\Common Files\System\Ole DB\msdasql.dll
C:\Program Files\Common Files\System\Ole DB\MSDASQLR.DLL
C:\Program Files\Common Files\System\Ole DB\MSDATL3.dll
C:\Program Files\Common Files\System\Ole DB\oledb32.dll
C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL
C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSDART.DLL
C:\WINDOWS\System32\msjet40.dll
C:\WINDOWS\System32\MSJINT40.DLL
C:\WINDOWS\System32\msjter40.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswstr10.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbccp32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\System32\odbcji32.dll
C:\WINDOWS\System32\odbcjt32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (23)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\xpsp2res.dll

[C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (41)]
C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\netcfgx.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (45)]
C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll
C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll
C:\Program Files\Intel\Wireless\Bin\MurocApi.dll
C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll
C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll
C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (53)]
C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll
C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll
C:\Program Files\Intel\Wireless\Bin\MurocApi.dll
C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll
C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll
C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msxml4.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Internet Explorer\iexplore.exe (98)]
C:\DOCUME~1\PGRATZ~1\LOCALS~1\Temp\t1157814530.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\program files\google\googletoolbar1.dll
C:\Program Files\Microsoft Office\Office12\msohev.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\IME\SPGRMR.DLL
C:\WINDOWS\ime\sptip.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\dla\tfswcres.dll
C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\jscript.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\System32\mshtml.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\System32\msimtf.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\System32\msls31.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\tfswapi.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\vbscript.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Messenger\msmsgs.exe (70)]
C:\Program Files\Messenger\custsat.dll
C:\Program Files\Messenger\MSGSLANG.DLL
C:\Program Files\Messenger\msimmsgr.dll
C:\Program Files\Messenger\MSVCR71.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\System32\es.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\wintrust.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\Program Files\Microsoft Office Communicator\Communicator.exe (118)]
C:\PROGRA~1\MICROS~2\LIVEME~1\Addins\LMPAPI.dll
C:\Program Files\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL
C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MSMAPI32.DLL
C:\Program Files\Microsoft Office Communicator\lcapi.dll
C:\Program Files\Microsoft Office Communicator\lcimsp.dll
C:\Program Files\Microsoft Office Communicator\LCLANG.DLL
C:\Program Files\Microsoft Office Communicator\lcmedia.dll
C:\Program Files\Microsoft Office Communicator\lcres.dll
C:\Program Files\Microsoft Office Communicator\MSVCR71.dll
C:\Program Files\Microsoft Office\Office12\1033\mapir.dll
C:\Program Files\Microsoft Office\Office12\contab32.dll
C:\Program Files\Microsoft Office\Office12\emsmdb32.dll
C:\Program Files\Microsoft Office\Office12\MSPST32.DLL
C:\Program Files\Microsoft Office\Office12\olmapi32.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptnet.dll
C:\WINDOWS\system32\D3DIM700.DLL
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\DCIMAN32.dll
C:\WINDOWS\system32\DDRAW.dll
C:\WINDOWS\System32\devenum.dll
C:\WINDOWS\system32\DHCPCSVC.DLL
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dpnhupnp.dll
C:\WINDOWS\system32\dsound.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\System32\es.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.dll
C:\WINDOWS\System32\inetcomm.dll
C:\WINDOWS\System32\inetres.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MAPI32.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msdmo.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\System32\MSOERT2.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\ptlcsp.dll
C:\WINDOWS\System32\quartz.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RICHED20.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\sapiprxy.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SensApi.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WinSCard.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\Program Files\Spyware Doctor\sdhelp.exe (30)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\WtsApi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Spyware Doctor\swdoctor.exe (112)]
C:\Program Files\Spyware Doctor\chilkatxml.dll
C:\Program Files\Spyware Doctor\ikhtool.dll
C:\Program Files\Spyware Doctor\iSHelp.dll
C:\Program Files\Spyware Doctor\rtl70.bpl
C:\Program Files\Spyware Doctor\Tools\actcookie.dll
C:\Program Files\Spyware Doctor\Tools\actstartup.dll
C:\Program Files\Spyware Doctor\Tools\BAScanner.dll
C:\Program Files\Spyware Doctor\Tools\bhoscanner.dll
C:\Program Files\Spyware Doctor\Tools\browserscanner.dll
C:\Program Files\Spyware Doctor\Tools\diskscanner.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\exploitguard.dll
C:\Program Files\Spyware Doctor\Tools\genscanner.dll
C:\Program Files\Spyware Doctor\Tools\hostsscanner.dll
C:\Program Files\Spyware Doctor\Tools\iemonitor.dll
C:\Program Files\Spyware Doctor\Tools\iesdpb.dll
C:\Program Files\Spyware Doctor\Tools\iesdsg.dll
C:\Program Files\Spyware Doctor\Tools\IMGuard.dll
C:\Program Files\Spyware Doctor\Tools\Immunizer.dll
C:\Program Files\Spyware Doctor\Tools\itoollib.dll
C:\Program Files\Spyware Doctor\Tools\keyloggerguard.dll
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\Tools\lspscanner.dll
C:\Program Files\Spyware Doctor\Tools\maldetective.dll
C:\Program Files\Spyware Doctor\Tools\memory.dll
C:\Program Files\Spyware Doctor\Tools\networkguard.dll
C:\Program Files\Spyware Doctor\Tools\popupblocker.dll
C:\Program Files\Spyware Doctor\Tools\processguard.dll
C:\Program Files\Spyware Doctor\Tools\pscanner.dll
C:\Program Files\Spyware Doctor\Tools\PWindow.dll
C:\Program Files\Spyware Doctor\Tools\regscanner.dll
C:\Program Files\Spyware Doctor\Tools\scheduler.dll
C:\Program Files\Spyware Doctor\Tools\sdn.dll
C:\Program Files\Spyware Doctor\Tools\siteguard.dll
C:\Program Files\Spyware Doctor\Tools\StartupScanner.dll
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Spyware Doctor\vcl70.bpl
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HHCTRL.OCX
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LZ32.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\mpr.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msscript.ocx
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\Oleacc.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\perfos.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\snmpapi.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\vbscript.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WtsApi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (27)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TosAvdtAPI.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\TosSndAPI.dll
C:\WINDOWS\system32\TosSndPlug.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (33)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HHCTRL.OCX
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LCWizard.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\TosSndAPI.dll
C:\WINDOWS\system32\TosSndPlug.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (43)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\OemBtAcpiAPI.dll
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HHCTRL.OCX
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LCWizard.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\TosBtSDDB.dll
C:\WINDOWS\system32\TosCommAPI.dll
C:\WINDOWS\system32\TosGnsAPI.dll
C:\WINDOWS\system32\TosHidAPI.dll
C:\WINDOWS\system32\TosLaneAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WtsApi32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (27)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAcc.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (42)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtWrp.dll
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosNtfs.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HHCTRL.OCX
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LCWizard.dll
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WtsApi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (33)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll
C:\Program Files\Trend Micro\OfficeScan Client\PSAPI.DLL
C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll

[C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe (53)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
C:\Program Files\Trend Micro\OfficeScan Client\PSAPI.DLL
C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll
C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\rasapi32.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\snmpapi.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe (40)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll
C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll
C:\Program Files\Trend Micro\OfficeScan Client\PSAPI.DLL
C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll
C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SECUR32.dll
C:\WINDOWS\system32\security.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (62)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll
C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll
C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll
C:\Program Files\Trend Micro\OfficeScan Client\PSAPI.DLL
C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll
C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll
C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ATL.DLL
C:\WINDOWS
  • 0

#12
peterg99
Posted 09 September 2006 - 08:59 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\System32\credui.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\System32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\Netapi32.dll
C:\WINDOWS\System32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SECUR32.dll
C:\WINDOWS\system32\security.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\snmpapi.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\Explorer.EXE (83)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\apphelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\System32\BatMeter.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\System32\MSIMG32.dll
C:\WINDOWS\system32\MSISIP.DLL
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\POWRPROF.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\System32\themeui.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshext.dll
C:\WINDOWS\System32\WSOCK32.dll
C:\WINDOWS\System32\WTSAPI32.dll
C:\WINDOWS\system32\WZCSAPI.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\alg.exe (35)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ATL.DLL
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\MSWSOCK.DLL
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\System32\WSOCK32.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\Ati2evxx.exe (18)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2edxx.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll

[C:\WINDOWS\system32\Ati2evxx.exe (19)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2edxx.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll

[C:\WINDOWS\system32\cidaemon.exe (31)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\cidaemon.exe (33)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LangWrbk.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\cidaemon.exe (34)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADMWPROX.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\cisvc.exe (36)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\System32\ADMWPROX.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\System32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\System32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\csrss.exe (19)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\basesrv.dll
C:\WINDOWS\system32\CSRSRV.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\KERNEL32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\winsrv.dll

[C:\WINDOWS\system32\ctfmon.exe (27)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSUTB.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\dla\tfswctrl.exe (31)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\dla\tfswcres.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\tfswapi.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\inetsrv\inetinfo.exe (84)]
C:\Program Files\Common Files\ProClarity\Server\PHTTPFilter.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
C:\WINDOWS\system32\ADMWPROX.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\exstrace.dll
C:\WINDOWS\system32\FCACHDLL.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IISMAP.dll
C:\WINDOWS\system32\IisRTL.DLL
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetsrv\admexs.dll
C:\WINDOWS\system32\inetsrv\aqueue.dll
C:\WINDOWS\system32\inetsrv\COADMIN.dll
C:\WINDOWS\system32\inetsrv\compfilt.dll
C:\WINDOWS\system32\inetsrv\gzip.dll
C:\WINDOWS\system32\inetsrv\httpext.dll
C:\WINDOWS\system32\inetsrv\iisadmin.dll
C:\WINDOWS\system32\inetsrv\IISFECNV.dll
C:\WINDOWS\system32\inetsrv\iislog.dll
C:\WINDOWS\system32\inetsrv\INFOCOMM.dll
C:\WINDOWS\system32\inetsrv\ISATQ.dll
C:\WINDOWS\system32\inetsrv\iscomlog.dll
C:\WINDOWS\system32\inetsrv\lonsint.dll
C:\WINDOWS\system32\inetsrv\md5filt.dll
C:\WINDOWS\system32\inetsrv\metadata.dll
C:\WINDOWS\system32\inetsrv\nsepm.dll
C:\WINDOWS\system32\inetsrv\ntfsdrv.dll
C:\WINDOWS\system32\inetsrv\pwsdata.dll
C:\WINDOWS\system32\inetsrv\rpcref.dll
C:\WINDOWS\system32\inetsrv\seo.dll
C:\WINDOWS\system32\inetsrv\SMTPSVC.dll
C:\WINDOWS\system32\inetsrv\sspifilt.dll
C:\WINDOWS\system32\inetsrv\svcext.dll
C:\WINDOWS\system32\inetsrv\w3svc.dll
C:\WINDOWS\system32\inetsrv\wamreg.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\RWNH.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\Security.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\STAXMEM.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\wintrust.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\lsass.exe (62)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\rundll32.exe (36)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\bthprops.cpl
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DEVMGR.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WMI.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\SearchIndexer.exe (61)]
C:\Program Files\Common Files\System\Ole DB\oledb32.dll
C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\esent.dll
C:\WINDOWS\system32\filteng.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\infosoft.dll
C:\WINDOWS\system32\invqrypi.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LangWrbk.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSDART.DLL
C:\WINDOWS\system32\msscb.dll
C:\WINDOWS\system32\mssrch.dll
C:\WINDOWS\system32\msstrc.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\MUI\0409\pqsutil.dll.mui
C:\WINDOWS\system32\MUI\0409\SearchIndexer.exe.mui
C:\WINDOWS\system32\MUI\0409\tquery.dll.mui
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\perfproc.dll
C:\WINDOWS\system32\Pqsutil.DLL
C:\WINDOWS\system32\propdefs.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\sapiprxy.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TQUERY.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\winhttp.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\services.exe (38)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\system32\ntdll.dll

[C:\WINDOWS\system32\spoolsv.exe (67)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\lmdimon.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\mdimon.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tbtmon.dll
C:\WINDOWS\system32\tbtmon98Language.dll
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\TosBdAPI.dll
C:\WINDOWS\system32\TosBtAPI.dll
C:\WINDOWS\system32\TosBtHcrpAPI.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (154)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ADVPACK.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
c:\windows\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\cryptdll.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\system32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\h323.tsp
c:\windows\system32\HID.DLL
C:\WINDOWS\System32\hidphone.tsp
c:\windows\system32\hidserv.dll
C:\WINDOWS\System32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\System32\ipconf.tsp
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ipnathlp.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\mlang.dll
C:\WINDOWS\system32\modemui.dll
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\msi.dll
C:\WINDOWS\System32\MSIDLE.DLL
C:\WINDOWS\System32\mspatcha.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\System32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\netcfgx.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\POWRPROF.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
C:\WINDOWS\System32\rasman.dll
C:\WINDOWS\System32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\SHFOLDER.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\System32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\unimdmat.dll
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\System32\upnp.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\System32\wbem\ncprov.dll
C:\WINDOWS\System32\wbem\repdrvfs.dll
C:\WINDOWS\System32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\System32\wbem\wbemess.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\wscsvc.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\system32\wuaueng.dll
c:\windows\system32\wuauserv.dll
C:\WINDOWS\system32\wups.dll
C:\WINDOWS\System32\WZCSAPI.DLL
c:\windows\system32\wzcsvc.dll
C:\WINDOWS\System32\xmlprovi.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (33)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
c:\windows\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINMM.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (36)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
c:\windows\system32\bthserv.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\secur32.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (43)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
c:\windows\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\wshbth.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (46)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
c:\windows\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
c:\windows\system32\lmhsvc.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\PSAPI.DLL
c:\windows\system32\regsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\webclnt.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\System32\wsock32.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (51)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\termsrv.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\wbem\wmiprvse.exe (45)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\wbem\cimwin32.dll
C:\WINDOWS\System32\wbem\FastProx.dll
C:\WINDOW
  • 0

#13
peterg99
Posted 09 September 2006 - 09:01 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
S\System32\wbem\framedyn.dll
C:\WINDOWS\System32\wbem\wbemcomn.dll
C:\WINDOWS\System32\wbem\wbemprox.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\wdfmgr.exe (20)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\WINTRUST.dll

[C:\WINDOWS\system32\winlogon.exe (70)]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WgaLogon.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\TEMP\FAAE55.EXE (21)]
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\tools\swpg.dat
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll

--------------------

Autostart folders:

[Startup (1)]
desktop.ini

[User Startup (1)]
desktop.ini

[Common Startup (2)]
Bluetooth Manager.lnk
desktop.ini

[User Common Startup (2)]
Bluetooth Manager.lnk
desktop.ini

--------------------

IniMapping values:

System NT shell = Explorer.exe
User screensaver = C:\WINDOWS\System32\ssbezier.scr

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

--------------------

On-reboot actions:

[Wininit.ini]
[Rename]
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=C:\DOCUME~1\PGRATZ~1\LOCALS~1\Temp\VIES6808

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\System32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (53)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
Automatic Updates = C:\WINDOWS\System32\svchost.exe -k netsvcs
Bluetooth Support Service = C:\WINDOWS\system32\svchost.exe -k bthsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
EvtEng = C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IIS Admin = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Indexing Service = C:\WINDOWS\System32\cisvc.exe
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Net Logon = C:\WINDOWS\System32\lsass.exe
OfficeScanNT Listener = C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
OfficeScanNT Personal Firewall = C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
OfficeScanNT RealTime Scan = C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
RegSrvc = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Simple Mail Transfer Protocol (SMTP) = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Spectrum24 Event Monitor = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search Service = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WLANKEEPER = C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs
World Wide Web Publishing = C:\WINDOWS\system32\inetsrv\inetinfo.exe

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

- Lower filters
drvmcdb.sys

* DVD/CD-ROM drives *
- Lower filters
PxHelp20.sys
drvmcdb.sys
sscdbhk5.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Lower filters
drvmcdb.sys
PxHelp20.sys



[Device filters]
* Alps Touch Pad *
- Upper filters
ApfiltrService.sys

* Bluetooth Device (RFCOMM Protocol TDI) *
- Upper filters
BthEnum.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Conexant D110 MDC V.92 Modem *
- Lower filters
HSFHWICH.sys
HSF_DPV.sys
winachsf.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Microsoft USB Wheel Mouse Optical (IntelliPoint) *
- Upper filters
Point32.sys

* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (8):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
Microsoft Office Live Meeting Document Writer Monitor - lmdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
Toshiba Bluetooth Monitor - tbtmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (12)]
AtiExtEvent = Ati2evxx.dll
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
IntelWireless = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll

[Group policy extensions (12)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll

--------------------

Policies:

[This user]
* Primary policies *
- Software\Policies\Microsoft\Cryptography\AutoEnrollment (1)
AEPolicy = dword: 7

- Software\Policies\Microsoft\Windows\Installer (1)
AlwaysInstallElevated = dword: 1

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145



[All users]
* Primary policies *
- Software\Policies\Microsoft\Messenger\Client (1)
DisablePawn = dword: 1

- Software\Policies\Microsoft\Windows\Installer (2)
EnableAdminTSRemote = dword: 1
AlwaysInstallElevated = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecID = {3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecID = {f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecID = {fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7} (6)
ClassName = ipsecNFA
name = ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7}
ipsecID = {047c4095-df6e-4afb-b492-9c767be510b7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5} (8)
ClassName = ipsecNFA
name = ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7} (6)
ClassName = ipsecNFA
name = ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecID = {3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8} (8)
ClassName = ipsecNFA
name = ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b} (8)
ClassName = ipsecNFA
name = ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b} (8)
ClassName = ipsecNFA
name = ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c} (6)
ClassName = ipsecNFA
name = ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecID = {d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

- Software\Policies\Microsoft\Windows NT\Printers (1)
PhysicalLocationSupport = dword: 1

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (4)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32
{B73A057F-DC1B-4067-9D8E-B69A07A7C368} = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (5):

Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar1.dll
PCTools Browser Monitor = {B56A7D7D-6927-48C8-A975-17DF180C71AC} = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
PCTools Site Guard = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

--------------------

ActiveX objects (13):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (2) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

* WebBrowser (3) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


--------------------

Internet Explorer buttons/tools (3):

Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
@C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer menu extensions:

[This user (2)]
Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

--------------------

Internet Explorer Bands (8):

Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
&Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

--------------------

Downloaded Program Files (14):

Microsoft XML Parser for Java - Microsoft XML Parser for Java - (no file) - file://C:\WINDOWS\Java\classes\xmldso.cab
Office Genuine Advantage Validation Tool - {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - C:\WINDOWS\system32\OGACheckControl.DLL - http://go.microsoft....k/?linkid=58813
OfficeScan Corp Edition Web-Deployment SetupINICtrl Class - {08D75BB0-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll - https://sjc-fp02/off...ll/setupini.cab
OfficeScan Corp Edition Web-Deployment SetupCtrl Class - {08D75BC1-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll - https://sjc-fp02/off...stall/setup.cab
Meet247 - Live Meeting - {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} - C:\WINDOWS\DOWNLO~1\OMCLML~1.OCX - https://www.meet247....mLauncher43.ocx
Office Update Installation Engine - {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - C:\WINDOWS\opuc.dll - http://office.micros...ntent/opuc3.cab
Malicious Software Removal Tool - {4B48D5DF-9021-45F7-A240-60304302A215} - C:\WINDOWS\Downloaded Program Files\WebCleaner.dll - http://download.micr.../WebCleaner.cab
OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class - {5EFE8CB1-D095-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll - https://sjc-fp02/off.../RemoveCtrl.cab
MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll - http://update.micros...b?1139421660718
Microsoft Virtual Server VMRC Control - {7C896371-4B7F-4B34-95B1-24851F5DED24} - C:\WINDOWS\Downloaded Program Files\VMRCActiveXClient.dll - http://localhost/Vir...tiveXClient.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx - http://download.macr...ash/swflash.cab
GpcContainer Class - {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll - https://emcsoftwareg...bex/ieatgpc.cab
McFreeScan Class - {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll - http://download.mcaf...820/mcfscan.cab
RSClientPrint Class - {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - C:\WINDOWS\Downloaded Program Files\RSClientPrint.dll - http://localhost/Rep...OpType=PrintCab

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (6)]
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Drive (7)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\system32\Audiodev.dll
RecordNow! ContextMenuExt = {E91B2703-013E-4A99-AD33-2B6FB00AA356} = C:\Program Files\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll

[Folder (2)]
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\System32\zipfldr.dll

[Directory (5)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Directory\Background (1)]
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (2)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

--------------------

ColumnHandlers (5):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

--------------------

ShellExecuteHooks (2):

URL Exec Hook = {56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (205)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} - {506F4668-F13E-4AA1-BB04-B43203AB3CC0} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} - {D66DC78C-4F61-447F-942B-3FB6980118CF} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\System32\occache.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Bluetooth - {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} - C:\WINDOWS\system32\TosBtExt.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\system32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\System32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\System32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\System32\appwiz.cpl
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\System32\browseui.dll
DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\System32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\System32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\System32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
IIS Shell Extension - {5a61f7a0-cde1-11cf-9113-00aa00425c62} - C:\WINDOWS\system32\inetsrv\w3ext.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\System32\appwiz.cpl
IntelliPoint Activities Control Panel Property Page - {653DCCC2-13DB-45B2-A389-427885776CFE} - "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
IntelliPoint Buttons Control Panel Property Page - {124597D8-850A-41AE-849C-017A4FA99CA2} - "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
IntelliPoint Wheel Control Panel Property Page - {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} - "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
IntelliPoint Wireless Control Panel Property Page - {20082881-FC36-4E47-9A7A-644C95FF749F} - "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
Maxtor Locked Drives - {7059DA7A-7E60-11d2-A355-00C04FB9D26E} - C:\WINDOWS\System32\MXONmSpace.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} -
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office12\msohev.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Shell Folder AutoComplet
  • 0

#14
peterg99
Posted 09 September 2006 - 09:03 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
e List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Visual SourceSafe - {B73A057F-DC1B-4067-9D8E-B69A07A7C368} - C:\Program Files\Microsoft Visual SourceSafe\tdnamespaceextension.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\System32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\System32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\System32\themeui.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll
Portable Media Devices Menu - {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\System32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\System32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
RecordNow! SendToExt - {DEE12703-6333-4D4E-8F34-738C4DCC2E04} - C:\Program Files\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\System32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\System32\remotepg.dll
Remote Storage Properties - {692E33B0-AF9D-11D0-B976-00A0C9190447} - C:\WINDOWS\system32\rsshell.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\System32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll
Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - C:\WINDOWS\system32\dfshim.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\System32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\System32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\System32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll
ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - C:\WINDOWS\system32\dfshim.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\System32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\System32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\System32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\System32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\System32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\System32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\System32\shmedia.dll
VPCHostCopyHook - {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\System32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\System32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\System32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
Webroot Spy Sweeper Context Menu Integration - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} - C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
Windows Desktop Search - {13E7F612-F261-4391-BEA2-39DF4F3FA311} - C:\Program Files\Windows Desktop Search\msnlExt.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\System32\wmpshell.dll
Windows Search Shell Service - {da67b8ad-e81b-4c70-9b91b417b5e33527} -
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HijackThis startup scan = C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe /startupscan
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[System Run]
Apoint = "C:\Program Files\Apoint\Apoint.exe"
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
BluetoothAuthenticationAgent = "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
DWPersistentQueuedReporting = "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" -a
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
ISUSPM Startup = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MaxtorOneTouch = C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
MXOBG = C:\WINDOWS\MXOALDR.EXE
OfficeScanNT Monitor = "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow

--------------------

Protocols:

[Pluggable MIME filters (9)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll
text/xml = {807563E5-5146-11D5-A672-00B0D022E945} = C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

[Protocol handlers (24)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
lid = {5C135180-9973-46D9-ABF4-148267CBB8BF} = C:\WINDOWS\System32\msvidctl.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\System32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-help = {314111c7-a502-11d2-bbca-00c04f8ec294} = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754} = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap11 = {32505114-5902-49B2-880A-1F7738E5A384} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\System32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\System32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (4)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\System32\webcheck.dll

--------------------

Winsock LSP:

[Protocols (25)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD RfComm [Bluetooth] - {9FC48064-7298-43E4-B7BD-181F2089792A} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{16563B7C-7144-40C0-B419-CE910BB05217}] SEQPACKET 9 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{16563B7C-7144-40C0-B419-CE910BB05217}] DATAGRAM 9 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6C9042B1-601F-41F6-A67A-5ABA77EB73AB}] SEQPACKET 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6C9042B1-601F-41F6-A67A-5ABA77EB73AB}] DATAGRAM 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A1BB1F8-18F4-46C2-8132-A389B22709A5}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A1BB1F8-18F4-46C2-8132-A389B22709A5}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9D63DE-CC37-4C67-A86C-AEDA5049E7D1}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9D63DE-CC37-4C67-A86C-AEDA5049E7D1}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A76E89C-6022-4046-8E32-AF06C78EA63E}] SEQPACKET 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A76E89C-6022-4046-8E32-AF06C78EA63E}] DATAGRAM 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52723598-B622-4ECD-9673-0201080F0D78}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52723598-B622-4ECD-9673-0201080F0D78}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9AB64B5-6508-4A7D-9325-CBCCA2A6CE8D}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9AB64B5-6508-4A7D-9325-CBCCA2A6CE8D}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{79702C98-414A-4E97-8EBD-89F4A085FB79}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{79702C98-414A-4E97-8EBD-89F4A085FB79}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA036A1C-400D-4304-A8F6-E594695FC8DB}] SEQPACKET 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA036A1C-400D-4304-A8F6-E594695FC8DB}] DATAGRAM 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{24D814EA-F342-4D85-B038-83022CDC224A}] SEQPACKET 8 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{24D814EA-F342-4D85-B038-83022CDC224A}] DATAGRAM 8 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (4)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll
Bluetooth Namespace - {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D} - C:\WINDOWS\system32\wshbth.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.sfgate.com/weather/

- Internet Explorer\SearchURL (1)
(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.microsoft...p...&ar=msnhome
Default_Search_Url = http://www.microsoft...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.microsoft...p...ER}&ar=home

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
SearchAssistant = http://www.google.com/ie

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (146)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
(no name) - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
(no name) - {283807b8-2c60-11d0-a31d-00aa00b92c03} - C:\WINDOWS\system32\danim.dll
(no name) - {542FB453-5003-11CF-92A2-00AA00B8A733} - C:\WINDOWS\system32\danim.dll
(no name) - {5DFB2651-9668-11D0-B17B-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\System32\clbcatex.dll
9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\System32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\Program Files\Movie Maker\wmm2ae.dll
Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll
AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\System32\inetcfg.dll
CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\System32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\System32\diactfrm.dll
CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\System32\msdtctm.dll
DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll
DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll
English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll
English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll
Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll
French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\System32\msieftp.dll
German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\h323msp.dll
Helper Object for Java - {8e26bfc1-afd6-11cf-bffc-00aa003cfdfc} - C:\WINDOWS\system32\vmhelper.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\System32\hhctrl.ocx
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\System32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\System32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\confmsp.dll
Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
JVIEW Profiler - {03D9F3F2-B0E3-11D2-B081-006008039BF0} - C:\WINDOWS\system32\javaprxy.dll
LexRefStEsObject Class - {4CFB5280-800B-4367-848F-5A13EBF27F1D} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL
LexRefStFrObject Class - {B3E0E785-BD78-4366-9560-B7DABE2723BE} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\System32\lmrt.dll
MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\System32\msconf.dll
mbcontent Class - {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c} - C:\WINDOWS\system32\browsewm.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\shdocvw.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll
Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\System32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\System32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\System32\wmpdxm.dll
Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\System32\wbem\wbemess.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\System32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\System32\amstream.dll
Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\Program Files\Movie Maker\wmm2fxa.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\System32\wavemsp.dll
MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl
NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\Program Files\Movie Maker\wmm2fxb.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\System32\dxtmsft.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\System32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\System32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\System32\sdpblb.dll
Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll
ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll
Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll
Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll
Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\System32\sysmon.ocx
SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\System32\msdtctm.dll
Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtmled.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\System32\qdvd.dll
VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\System32\wbem\wbemdisp.dll
WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\System32\wbem\wmiprov.dll
WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\System32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\System32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\System32\wmv8ds32.ax
WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll
WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll
WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll
WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\System32\wbem\wbemads.dll
WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll

[Zones]
* This user *
- Trusted sites (1)
labcrm



[Stopped/disabled NT Services]
* Stopped (51) *
.NET Runtime Optimization Service v2.0.50727_X86 = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ Event System = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\System32\imapi.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
Microsoft Office Diagnostics Service = "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
MS Software Shadow Copy Provider = C:\WINDOWS\System32\dllhost.exe /Processid:{33C6EFEE-DB38-4788-9DB6-96750DAAE2C2}
NetMeeting Remote Desktop Sharing = C:\WINDOWS\System32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\System32\lsass.exe
Office Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\System32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\System32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SQL Server (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
SQL Server Agent (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER
SQL Server Analysis Services (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Config"
SQL Server FullText Search (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER
SQL Server Integration Services = "C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
SQL Server Reporting Services (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
SQL Server VSS Writer = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SSDP Discovery Service = C:\WINDOWS\System32\svchost.exe -k LocalService
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet = C:\WINDOWS\System32\tlntsvr.exe
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\System32\svchost.exe -k LocalService
Virtual Machine Helper = "C:\Program Files\Microsoft Virtual Server\vmh.exe" -service
Virtual Server = "C:\Program Files\Microsoft Virtual Server\vssrvc.exe"
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Image Acquisition (WIA) = C:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
Windows Management Instrumentation Driver Extensions = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Media Connect Service = C:\Program Files\Windows Media Connect 2\wmccds.exe
WMI Performance Adapter = C:\WINDOWS\System32\wbem\wmiapsrv.exe

* Stopped & disabled (9) *
Alerter = C:\WINDOWS\System32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Messenger = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
SQL Server Active Directory Helper = "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
SQL Server Browser = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
Visual Studio 2005 Remote Debugger = "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
AntiVirusDisableNotify = dword: 0
FirewallDisableNotify = dword: 0
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q


==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"


==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"


==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (53)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
Automatic Updates = C:\WINDOWS\System32\svchost.exe -k netsvcs
Bluetooth Support Service = C:\WINDOWS\system32\svchost.exe -k bthsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
EvtEng = C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IIS Admin = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Indexing Service = C:\WINDOWS\System32\cisvc.exe
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Net Logon = C:\WINDOWS\System32\lsass.exe
OfficeScanNT Listener = C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
OfficeScanNT Personal Firewall = C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
OfficeScanNT RealTime Scan = C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
RegSrvc = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Simple Mail Transfer Protocol (SMTP) = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Spectrum24 Event Monitor = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search Service = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WLANKEEPER = C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs
World Wide Web Publishing = C:\WINDOWS\system32\inetsrv\inetinfo.exe

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Lower filters
drvmcdb.sys
PxHelp20.sys



[Device filters]
* Alps Touch Pad *
- Upper filters
ApfiltrService.sys

* Bluetooth Device (RFCOMM Protocol TDI) *
- Upper filters
BthEnum.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Conexant D110 MDC V.92 Modem *
- Lower filters
HSFHWICH.sys
HSF_DPV.sys
winachsf.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Microsoft USB Wheel Mouse Optical (IntelliPoint) *
- Upper filters
Point32.sys
  • 0

#15
peterg99
Posted 09 September 2006 - 09:05 PM

peterg99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (8):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
Microsoft Office Live Meeting Document Writer Monitor - lmdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
Toshiba Bluetooth Monitor - tbtmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (12)]
AtiExtEvent = Ati2evxx.dll
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
IntelWireless = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll

[Group policy extensions (12)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll

--------------------

Policies:

[This user]
* Primary policies *
- Software\Policies\Microsoft\Cryptography\AutoEnrollment (1)
AEPolicy = dword: 7

- Software\Policies\Microsoft\Windows\Installer (1)
AlwaysInstallElevated = dword: 1

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145



[All users]
* Primary policies *
- Software\Policies\Microsoft\Messenger\Client (1)
DisablePawn = dword: 1

- Software\Policies\Microsoft\Windows\Installer (2)
EnableAdminTSRemote = dword: 1
AlwaysInstallElevated = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecID = {3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecID = {f63f74b3-c37a-4da5-8210-945f6c9ce058}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecID = {fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7} (6)
ClassName = ipsecNFA
name = ipsecNFA{047c4095-df6e-4afb-b492-9c767be510b7}
ipsecID = {047c4095-df6e-4afb-b492-9c767be510b7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fc792a46-b5ee-49dd-9b4a-9b855a32ca3b}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5} (8)
ClassName = ipsecNFA
name = ipsecNFA{25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {25dd658e-37e2-455d-aeae-35860d6d40d5}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7} (6)
ClassName = ipsecNFA
name = ipsecNFA{3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecID = {3f969eb1-592f-441c-bf45-f818950bb5f7}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{f63f74b3-c37a-4da5-8210-945f6c9ce058}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8} (8)
ClassName = ipsecNFA
name = ipsecNFA{63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {63501ea9-1c8a-4569-acb3-32ad7673d4e8}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b} (8)
ClassName = ipsecNFA
name = ipsecNFA{ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {ae7e6376-1452-4029-bc0c-8051ddc91a4b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b} (8)
ClassName = ipsecNFA
name = ipsecNFA{c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {c49fd2de-5c7d-418b-8a10-7b9e43deb25b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c} (6)
ClassName = ipsecNFA
name = ipsecNFA{d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecID = {d291d34b-044c-4e1e-8ee4-9b1b78d3bd5c}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3257e96d-2cee-4e3a-969c-ff12c55bf5ad}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115329387

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

- Software\Policies\Microsoft\Windows NT\Printers (1)
PhysicalLocationSupport = dword: 1

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (4)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32
{B73A057F-DC1B-4067-9D8E-B69A07A7C368} = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (5):

Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar1.dll
PCTools Browser Monitor = {B56A7D7D-6927-48C8-A975-17DF180C71AC} = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
PCTools Site Guard = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

--------------------

ActiveX objects (13):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (2) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

* WebBrowser (3) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


--------------------

Internet Explorer buttons/tools (3):

Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
@C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer menu extensions:

[This user (2)]
Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

--------------------

Internet Explorer Bands (8):

Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
&Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

--------------------

Downloaded Program Files (14):

Microsoft XML Parser for Java - Microsoft XML Parser for Java - (no file) - file://C:\WINDOWS\Java\classes\xmldso.cab
Office Genuine Advantage Validation Tool - {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - C:\WINDOWS\system32\OGACheckControl.DLL - http://go.microsoft....k/?linkid=58813
OfficeScan Corp Edition Web-Deployment SetupINICtrl Class - {08D75BB0-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll - https://sjc-fp02/off...ll/setupini.cab
OfficeScan Corp Edition Web-Deployment SetupCtrl Class - {08D75BC1-D2B5-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll - https://sjc-fp02/off...stall/setup.cab
Meet247 - Live Meeting - {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} - C:\WINDOWS\DOWNLO~1\OMCLML~1.OCX - https://www.meet247....mLauncher43.ocx
Office Update Installation Engine - {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - C:\WINDOWS\opuc.dll - http://office.micros...ntent/opuc3.cab
Malicious Software Removal Tool - {4B48D5DF-9021-45F7-A240-60304302A215} - C:\WINDOWS\Downloaded Program Files\WebCleaner.dll - http://download.micr.../WebCleaner.cab
OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class - {5EFE8CB1-D095-11D1-88FC-0080C859833B} - C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll - https://sjc-fp02/off.../RemoveCtrl.cab
MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll - http://update.micros...b?1139421660718
Microsoft Virtual Server VMRC Control - {7C896371-4B7F-4B34-95B1-24851F5DED24} - C:\WINDOWS\Downloaded Program Files\VMRCActiveXClient.dll - http://localhost/Vir...tiveXClient.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx - http://download.macr...ash/swflash.cab
GpcContainer Class - {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll - https://emcsoftwareg...bex/ieatgpc.cab
McFreeScan Class - {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll - http://download.mcaf...820/mcfscan.cab
RSClientPrint Class - {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - C:\WINDOWS\Downloaded Program Files\RSClientPrint.dll - http://localhost/Rep...OpType=PrintCab

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (6)]
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Drive (7)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
DriveLetterAccess = {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\system32\Audiodev.dll
RecordNow! ContextMenuExt = {E91B2703-013E-4A99-AD33-2B6FB00AA356} = C:\Program Files\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll

[Folder (2)]
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\System32\zipfldr.dll

[Directory (5)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
tosBtShllExt = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} = C:\WINDOWS\system32\TosBtShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Directory\Background (1)]
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (2)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll
SpySweeper = {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

--------------------

ColumnHandlers (5):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

--------------------

ShellExecuteHooks (2):

URL Exec Hook = {56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (205)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} - {506F4668-F13E-4AA1-BB04-B43203AB3CC0} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} - {D66DC78C-4F61-447F-942B-3FB6980118CF} - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\System32\occache.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Bluetooth - {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} - C:\WINDOWS\system32\TosBtExt.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\system32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\System32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\System32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\System32\appwiz.cpl
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\System32\browseui.dll
DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\System32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\System32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\System32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
IIS Shell Extension - {5a61f7a0-cde1-11cf-9113-00aa00425c62} - C:\WINDOWS\system32\inetsrv\w3ext.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\System32\appwiz.cpl
IntelliPoint Activities Control Panel Property Page - {653DCCC2-13DB-45B2-A389-427885776CFE} - "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
IntelliPoint Buttons Control Panel Property Page - {124597D8-850A-41AE-849C-017A4FA99CA2} - "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
IntelliPoint Wheel Control Panel Property Page - {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} - "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
IntelliPoint Wireless Control Panel Property Page - {20082881-FC36-4E47-9A7A-644C95FF749F} - "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
Maxtor Locked Drives - {7059DA7A-7E60-11d2-A355-00C04FB9D26E} - C:\WINDOWS\System32\MXONmSpace.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} -
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office12\msohev.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Visual SourceSafe - {B73A057F-DC1B-4067-9D8E-B69A07A7C368} - C:\Program Files\Microsoft Visual SourceSafe\tdnamespaceextension.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\System32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\System32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\System32\themeui.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll
Portable Media Devices Menu - {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\System32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\System32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
RecordNow! SendToExt - {DEE12703-6333-4D4E-8F34-738C4DCC2E04} - C:\Program Files\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\System32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\System32\remotepg.dll
Remote Storage Properties - {692E33B0-AF9D-11D0-B976-00A0C9190447} - C:\WINDOWS\system32\rsshell.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\System32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll
Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - C:\WINDOWS\system32\dfshim.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\System32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\System32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\System32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll
ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - C:\WINDOWS\system32\dfshim.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\System32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\System32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\System32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\System32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\System32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\System32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\System32\shmedia.dll
VPCHostCopyHook - {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\System32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\System32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\System32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
Webroot Spy Sweeper Context Menu Integration - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} - C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
Windows Desktop Search - {13E7F612-F261-4391-BEA2-39DF4F3FA311} - C:\Program Files\Windows Desktop Search\msnlExt.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\System32\wmpshell.dll
Windows Search Shell Service - {da67b8ad-e81b-4c70-9b91b417b5e33527} -
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HijackThis startup scan = C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe /startupscan
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[System Run]
Apoint = "C:\Program Files\Apoint\Apoint.exe"
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
BluetoothAuthenticationAgent = "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
DWPersistentQueuedReporting = "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" -a
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
ISUSPM Startup = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MaxtorOneTouch = C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
MXOBG = C:\WINDOWS\MXOALDR.EXE
OfficeScanNT Monitor = "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow

--------------------

Protocols:

[Pluggable MIME filters (9)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll
text/xml = {807563E5-5146-11D5-A672-00B0D022E945} = C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

[Protocol handlers (24)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
lid = {5C135180-9973-46D9-ABF4-148267CBB8BF} = C:\WINDOWS\System32\msvidctl.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\System32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-help = {314111c7-a502-11d2-bbca-00c04f8ec294} = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754} = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap11 = {32505114-5902-49B2-880A-1F7738E5A384} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\System32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\System32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (4)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\System32\webcheck.dll

--------------------

Winsock LSP:

[Protocols (25)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD RfComm [Bluetooth] - {9FC48064-7298-43E4-B7BD-181F2089792A} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{16563B7C-7144-40C0-B419-CE910BB05217}] SEQPACKET 9 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{16563B7C-7144-40C0-B419-CE910BB05217}] DATAGRAM 9 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS&
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP