Yeah, I still get a little lag, but not as much as before. For the realtime protection was for the ewido program, do I turn it on?
Here are those logs:
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"POINTER" = "point32.exe" [MS]
"ATIPTA" = "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\victor ceniceros\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\LOGON.SCR" [MS]
Startup items in "victor ceniceros" & "All Users" startup folders:
------------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
IAA Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe" ["Intel Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 11 seconds for message boxes)
Here is the other one:
StartDreck (build 2.1.7 public stable) - 2005-10-03 @ 15:40:04 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as victor ceniceros at VMI270311
»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*CTSysVol=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
*POINTER=point32.exe
*ATIPTA=C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
*ATICCC="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.yahoo.com/
+SearchUrl
*provider=yaho
»Default User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.dell4me.com/myway
*Start Page=http://www.dell4me.com/myway
»Local Machine
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.yahoo.com
*CustomizeSearch=http://ie.search.msn.com
*SearchAssistant=http://ie.search.msn.com
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=userinit.exe
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\victor ceniceros\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`C:\WINDOWS\system32\dsktrf.dll=C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\WIN3F.tmp
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
*C:\WINDOWS\SYSTEM32\TFTP.EXE
+C:\WINDOWS\system32\tourstart.exe
*C:\WINDOWS\SYSTEM32\tourstart.exe
+C:\WINDOWS\system32\TRACERT.EXE
*C:\WINDOWS\SYSTEM32\TRACERT.EXE
+C:\WINDOWS\system32\TRACERT6.EXE
*C:\WINDOWS\SYSTEM32\TRACERT6.EXE
+C:\WINDOWS\system32\TSCON.EXE
*C:\WINDOWS\SYSTEM32\TSCON.EXE
+C:\WINDOWS\system32\TSCUPGRD.EXE
*C:\WINDOWS\SYSTEM32\TSCUPGRD.EXE
+C:\WINDOWS\system32\TSDISCON.EXE
*C:\WINDOWS\SYSTEM32\TSDISCON.EXE
+C:\WINDOWS\system32\TSKILL.EXE
*C:\WINDOWS\SYSTEM32\TSKILL.EXE
+C:\WINDOWS\system32\TSSHUTDN.EXE
*C:\WINDOWS\SYSTEM32\TSSHUTDN.EXE
+C:\WINDOWS\system32\UNLODCTR.EXE
*C:\WINDOWS\SYSTEM32\UNLODCTR.EXE
+C:\WINDOWS\system32\UPNPCONT.EXE
*C:\WINDOWS\SYSTEM32\UPNPCONT.EXE
+C:\WINDOWS\system32\UPS.EXE
*C:\WINDOWS\SYSTEM32\UPS.EXE
+C:\WINDOWS\system32\USER.EXE
*C:\WINDOWS\SYSTEM32\USER.EXE
+C:\WINDOWS\system32\USERINIT.EXE
*C:\WINDOWS\SYSTEM32\USERINIT.EXE
+C:\WINDOWS\system32\USRMLNKA.EXE
*C:\WINDOWS\SYSTEM32\USRMLNKA.EXE
+C:\WINDOWS\system32\USRPRBDA.EXE
*C:\WINDOWS\SYSTEM32\USRPRBDA.EXE
+C:\WINDOWS\system32\USRSHUTA.EXE
*C:\WINDOWS\SYSTEM32\USRSHUTA.EXE
+C:\WINDOWS\system32\UTILMAN.EXE
*C:\WINDOWS\SYSTEM32\UTILMAN.EXE
+C:\WINDOWS\system32\uwdf.exe
*C:\WINDOWS\SYSTEM32\uwdf.exe
+C:\WINDOWS\system32\VERIFIER.EXE
*C:\WINDOWS\SYSTEM32\VERIFIER.EXE
+C:\WINDOWS\system32\VSSADMIN.EXE
*C:\WINDOWS\SYSTEM32\VSSADMIN.EXE
+C:\WINDOWS\system32\VSSVC.EXE
*C:\WINDOWS\SYSTEM32\VSSVC.EXE
+C:\WINDOWS\system32\W32TM.EXE
*C:\WINDOWS\SYSTEM32\W32TM.EXE
+C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\SYSTEM32\wdfmgr.exe
+C:\WINDOWS\system32\WEXTRACT.EXE
*C:\WINDOWS\SYSTEM32\WEXTRACT.EXE
+C:\WINDOWS\system32\WIAACMGR.EXE
*C:\WINDOWS\SYSTEM32\WIAACMGR.EXE
+C:\WINDOWS\system32\WINCHAT.EXE
*C:\WINDOWS\SYSTEM32\WINCHAT.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
*C:\WINDOWS\SYSTEM32\WINHLP32.EXE
+C:\WINDOWS\system32\WINLOGON.EXE
*C:\WINDOWS\SYSTEM32\WINLOGON.EXE
+C:\WINDOWS\system32\WINMINE.EXE
*C:\WINDOWS\SYSTEM32\WINMINE.EXE
+C:\WINDOWS\system32\WINMSD.EXE
*C:\WINDOWS\SYSTEM32\WINMSD.EXE
+C:\WINDOWS\system32\WINSPOOL.EXE
*C:\WINDOWS\SYSTEM32\WINSPOOL.EXE
+C:\WINDOWS\system32\WINVER.EXE
*C:\WINDOWS\SYSTEM32\WINVER.EXE
+C:\WINDOWS\system32\WISPTIS.EXE
*C:\WINDOWS\SYSTEM32\WISPTIS.EXE
+C:\WINDOWS\system32\WOWDEB.EXE
*C:\WINDOWS\SYSTEM32\WOWDEB.EXE
+C:\WINDOWS\system32\WOWEXEC.EXE
*C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
+C:\WINDOWS\system32\WPABALN.EXE
*C:\WINDOWS\SYSTEM32\WPABALN.EXE
+C:\WINDOWS\system32\WPNPINST.EXE
*C:\WINDOWS\SYSTEM32\WPNPINST.EXE
+C:\WINDOWS\system32\WRITE.EXE
*C:\WINDOWS\SYSTEM32\WRITE.EXE
+C:\WINDOWS\system32\WSCNTFY.EXE
*C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
+C:\WINDOWS\system32\WSCRIPT.EXE
*C:\WINDOWS\SYSTEM32\WSCRIPT.EXE
+C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\SYSTEM32\wuauclt.exe
+C:\WINDOWS\system32\wuauclt1.exe
*C:\WINDOWS\SYSTEM32\wuauclt1.exe
+C:\WINDOWS\system32\WUPDMGR.EXE
*C:\WINDOWS\SYSTEM32\WUPDMGR.EXE
+C:\WINDOWS\system32\XCOPY.EXE
*C:\WINDOWS\SYSTEM32\XCOPY.EXE
+C:\WINDOWS\system32\USRLOGON.CMD
*C:\WINDOWS\SYSTEM32\USRLOGON.CMD
+C:\WINDOWS\system32\PUBPRN.VBS
*C:\WINDOWS\SYSTEM32\PUBPRN.VBS
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User