Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Not sure what this messahe means on strat-up?

Started by turnall , Dec 19 2013 11:19 AM

  • Please log in to reply

#1
turnall
Posted 19 December 2013 - 11:19 AM

turnall

    Member

  • Member
  • PipPip
  • 83 posts
Every time I start up my computer, I keep getting this pop-up window. I have no idea what this means or what I should do with it. Anyone know?

Posted Image
  • 0

Advertisements

#2
Ztruker
Posted 19 December 2013 - 01:13 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Open Control Panel then Programs and Features. Locate Conduit and uninstall it. Conduit is foistware (garbage) that gets installed when you install a program you want. That should resolve the problem.
  • 0

#3
turnall
Posted 20 December 2013 - 11:11 AM

turnall

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hhmmm... I don't se that program in the program list. I sorted by name to put them in alphabetical order and nothing in the C's by that name?
  • 0

#4
Ztruker
Posted 20 December 2013 - 04:22 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
See the 6th post in this thread by Robert Boyd: How to remove Search Cobnduit
  • 0

#5
turnall
Posted 21 December 2013 - 12:40 PM

turnall

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
OK so I used the adwcleaner- good thing Scotty was on patrol because it picked up on conduit trying to install something that would hide it from the search results! Anyway, it came up with a lot to remove, including probably a dozen or more things that had conduit in the name. But then after going through all of that, that same pop-up still comes up. It also somehow changed my internet homepage to google in the process, which I didn't understand, and messed up my wireless connection, but I got that fixed. But I guess I got a bunch fo the conduit stuff removed, but still get that pop-up? Any further ideas? If it's not causing any problems, I guess I can ignore it, but if it's reflective of something that needs to be addressed, I want to be sure I do so. Thanks so much!
  • 0

#6
Ztruker
Posted 21 December 2013 - 02:31 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
See if "search protect" is in Programs and Features. If so remove it.
  • 0

#7
Ztruker
Posted 21 December 2013 - 02:32 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Let's see what starts when you boot your computer.

Download and run Startup List (does not need to be installed, just run it).
When done, click File then Save as and save Startuplist.txt to your Desktop or somewhere you can find it.
Start a reply here and paste the contents of Startuplist.txt into it.
  • 0

#8
turnall
Posted 22 December 2013 - 04:51 PM

turnall

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Didn't see "search protect". Here's the list from the startup program. I don't know if this has anything to do with it, but the last few days, I've also noticed that my IE seems to be going really slow, like I'll move from one tab to another tab and it takes forever before I can actually DO anything on that next page, it's like it's frozen for a short while...

StartupList report, 12/22/2013, 2:49:24 PM
StartupList version 2.02.0
Started from: C:\Users\angbo_000\AppData\Local\Temp\Temp1_startuplist.zip\StartupList.EXE
Detected: Windows Vista (WinNT 6.02.9200)
Logged on as 'angbo_000' to 'OFFICEPC'
* Using default options (see end of log for possible options)
==================================================

Running processes (13):

[c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (33)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\WININET.dll

[C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (52)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\CFGMGR32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\comdlg32.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\dxva2.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\HID.DLL
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEACC.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\oledlg.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\system32\propsys.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SETUPAPI.dll
C:\Windows\SYSTEM32\SHCORE.DLL
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\wbem\fastprox.dll
C:\Windows\system32\wbem\wbemprox.dll
C:\Windows\system32\wbem\wbemsvc.dll
C:\Windows\SYSTEM32\wbemcomn.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINSPOOL.DRV
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_ba1cf6b7e09f1918\gdiplus.dll

[C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (63)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\SYSTEM32\AUDIOSES.DLL
C:\Windows\SYSTEM32\AVRT.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\COMDLG32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dhcpcsvc.DLL
C:\Windows\SYSTEM32\dhcpcsvc6.DLL
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\ksuser.dll
C:\Windows\SYSTEM32\LINKINFO.dll
C:\Windows\SYSTEM32\midimap.dll
C:\Windows\SYSTEM32\MMDevAPI.DLL
C:\Windows\SYSTEM32\MSACM32.dll
C:\Windows\SYSTEM32\msacm32.drv
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\powrprof.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\SHCORE.DLL
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\wdmaud.drv
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll

[C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (41)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\CFGMGR32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\PortableDeviceApi.dll
C:\Windows\SYSTEM32\PortableDeviceTypes.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SETUPAPI.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_d089c358442de345\MSVCP80.dll
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_d089c358442de345\MSVCR80.dll
C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_ba1cf6b7e09f1918\gdiplus.dll

[C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (71)]
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\FIOALL32.dll
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\Ism.dll
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SASM.dll
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\Tcm.dll
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\apphelp.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\iphlpapi.dll
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MFC42.DLL
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\mscms.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\MSVCRT.dll
C:\Windows\System32\mswsock.dll
C:\Windows\system32\napinsp.dll
C:\Windows\system32\NLAapi.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ODBC32.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\system32\pnrpnsp.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\system32\propsys.dll
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SETUPAPI.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHFOLDER.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sti.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\system32\wiadss.dll
C:\Windows\SYSTEM32\wiatrace.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\System32\winrnr.dll
C:\Windows\SYSTEM32\WINSTA.dll
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\system32\wshbth.dll
C:\Windows\SYSTEM32\wtsapi32.dll
C:\Windows\TWAIN_32.DLL
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\comctl32.dll

[C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (118)]
c:\PROGRA~2\mcafee\SITEAD~1\mcbrwctl.dll
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
c:\PROGRA~2\mcafee\SITEAD~1\saPlugin.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
C:\Users\angbo_000\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll
C:\Windows\SYSTEM32\actxprxy.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\system32\apphelp.dll
C:\Windows\SYSTEM32\AUDIOSES.DLL
C:\Windows\SYSTEM32\bcrypt.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\comdlg32.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\cryptnet.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\d2d1.dll
C:\Windows\SYSTEM32\D3D10Warp.dll
C:\Windows\SYSTEM32\d3d11.dll
C:\Windows\SYSTEM32\dcomp.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\SYSTEM32\DPAPI.dll
C:\Windows\SYSTEM32\DSOUND.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\DWrite.dll
C:\Windows\SYSTEM32\dxgi.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\gpapi.dll
C:\Windows\SYSTEM32\icm32.dll
C:\Windows\SYSTEM32\ieapfltr.dll
C:\Windows\SYSTEM32\IEFRAME.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\SYSTEM32\IEUI.dll
C:\Windows\SYSTEM32\igd10umd32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\SYSTEM32\jscript9.dll
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MLANG.dll
C:\Windows\System32\MMDevApi.dll
C:\Windows\SYSTEM32\MPR.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\mscms.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\MSHTML.dll
C:\Windows\SYSTEM32\MSIMG32.dll
C:\Windows\system32\msimtf.dll
C:\Windows\SYSTEM32\msls31.dll
C:\Windows\SYSTEM32\MSRATING.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\System32\msxml3.dll
C:\Windows\System32\msxml6.dll
C:\Windows\SYSTEM32\ncrypt.dll
C:\Windows\system32\ncryptsslp.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\netutils.dll
C:\Windows\SYSTEM32\ninput.dll
C:\Windows\SYSTEM32\normaliz.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\NTASN1.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEACC.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\powrprof.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\schannel.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\shcore.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\srvcli.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\T2EMBED.DLL
C:\Windows\System32\UIAnimation.dll
C:\Windows\SYSTEM32\uiautomationcore.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\user32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\WindowsCodecs.dll
C:\Windows\system32\windowscodecsext.dll
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\SYSTEM32\WinSCard.dll
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\SYSTEM32\wkscli.dll
C:\Windows\SYSTEM32\WLDAP32.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\SYSTEM32\WSOCK32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll
C:\Windows\SYSTEM32\XmlLite.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_bf1359a245f1cd12\comctl32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\comctl32.dll

[C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (142)]
c:\PROGRA~2\mcafee\SITEAD~1\mcbrwctl.dll
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
c:\PROGRA~2\mcafee\SITEAD~1\saPlugin.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
C:\Users\angbo_000\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll
C:\Windows\SYSTEM32\actxprxy.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\system32\apphelp.dll
C:\Windows\SYSTEM32\ATL.DLL
C:\Windows\SYSTEM32\AUDIOSES.DLL
C:\Windows\SYSTEM32\AVRT.dll
C:\Windows\SYSTEM32\bcrypt.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\comdlg32.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\cryptnet.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\d2d1.dll
C:\Windows\SYSTEM32\D3D10Warp.dll
C:\Windows\SYSTEM32\d3d11.dll
C:\Windows\SYSTEM32\DCIMAN32.dll
C:\Windows\SYSTEM32\dcomp.dll
C:\Windows\SYSTEM32\DDRAW.dll
C:\Windows\SYSTEM32\ddrawex.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dhcpcsvc.DLL
C:\Windows\SYSTEM32\dhcpcsvc6.DLL
C:\Windows\SYSTEM32\DINPUT8.dll
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\SYSTEM32\DPAPI.dll
C:\Windows\SYSTEM32\DSOUND.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\DWrite.dll
C:\Windows\SYSTEM32\dxgi.dll
C:\Windows\SYSTEM32\Dxtmsft.dll
C:\Windows\SYSTEM32\Dxtrans.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\gpapi.dll
C:\Windows\SYSTEM32\icm32.dll
C:\Windows\SYSTEM32\ieapfltr.dll
C:\Windows\SYSTEM32\IEFRAME.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\SYSTEM32\IEUI.dll
C:\Windows\SYSTEM32\igd10umd32.dll
C:\Windows\SYSTEM32\ImgUtil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\SYSTEM32\jscript9.dll
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\ksuser.dll
C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
C:\Windows\SYSTEM32\mfcore.dll
C:\Windows\SYSTEM32\MFMediaEngine.dll
C:\Windows\SYSTEM32\MFPlat.DLL
C:\Windows\SYSTEM32\MLANG.dll
C:\Windows\System32\MMDevAPI.DLL
C:\Windows\SYSTEM32\MPR.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\mscms.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\MSHTML.dll
C:\Windows\SYSTEM32\MSIMG32.dll
C:\Windows\system32\msimtf.dll
C:\Windows\SYSTEM32\msls31.dll
C:\Windows\SYSTEM32\MSRATING.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\System32\msxml3.dll
C:\Windows\System32\msxml6.dll
C:\Windows\SYSTEM32\ncrypt.dll
C:\Windows\system32\ncryptsslp.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\netutils.dll
C:\Windows\SYSTEM32\ninput.dll
C:\Windows\system32\NLAapi.dll
C:\Windows\SYSTEM32\normaliz.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\NTASN1.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEACC.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\powrprof.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\schannel.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\shcore.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\srvcli.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\T2EMBED.DLL
C:\Windows\SYSTEM32\twinapi.dll
C:\Windows\System32\UIAnimation.dll
C:\Windows\SYSTEM32\UIAutomationCore.DLL
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\user32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\webio.dll
C:\Windows\System32\wevtapi.dll
C:\Windows\System32\Windows.Media.MediaControl.dll
C:\Windows\SYSTEM32\WindowsCodecs.dll
C:\Windows\system32\windowscodecsext.dll
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\SYSTEM32\WinSCard.dll
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SYSTEM32\wkscli.dll
C:\Windows\SYSTEM32\WLDAP32.dll
C:\Windows\System32\Wpc.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\SYSTEM32\WSOCK32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll
C:\Windows\SYSTEM32\XmlLite.dll
C:\Windows\system32\zipfldr.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_bf1359a245f1cd12\comctl32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\comctl32.dll

[C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (152)]
c:\PROGRA~2\mcafee\SITEAD~1\mcbrwctl.dll
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
c:\PROGRA~2\mcafee\SITEAD~1\saPlugin.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
C:\Users\angbo_000\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll
C:\Windows\SYSTEM32\actxprxy.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\system32\apphelp.dll
C:\Windows\SYSTEM32\ATL.DLL
C:\Windows\SYSTEM32\AUDIOSES.DLL
C:\Windows\SYSTEM32\AVRT.dll
C:\Windows\SYSTEM32\Bcp47Langs.dll
C:\Windows\SYSTEM32\bcrypt.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\comdlg32.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\cryptnet.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\d2d1.dll
C:\Windows\SYSTEM32\D3D10Warp.dll
C:\Windows\SYSTEM32\d3d11.dll
C:\Windows\SYSTEM32\DCIMAN32.dll
C:\Windows\SYSTEM32\dcomp.dll
C:\Windows\SYSTEM32\DDRAW.dll
C:\Windows\SYSTEM32\ddrawex.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dhcpcsvc.DLL
C:\Windows\SYSTEM32\dhcpcsvc6.DLL
C:\Windows\SYSTEM32\DINPUT8.dll
C:\Windows\SYSTEM32\dispex.dll
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\SYSTEM32\DPAPI.dll
C:\Windows\SYSTEM32\DSOUND.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\DWrite.dll
C:\Windows\SYSTEM32\dxgi.dll
C:\Windows\SYSTEM32\Dxtmsft.dll
C:\Windows\SYSTEM32\Dxtrans.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\gpapi.dll
C:\Windows\SYSTEM32\icm32.dll
C:\Windows\SYSTEM32\ieapfltr.dll
C:\Windows\SYSTEM32\IEFRAME.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\SYSTEM32\IEUI.dll
C:\Windows\SYSTEM32\igd10umd32.dll
C:\Windows\SYSTEM32\ImgUtil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\SYSTEM32\jscript.dll
C:\Windows\SYSTEM32\jscript9.dll
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\ksuser.dll
C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
C:\Windows\SYSTEM32\mfcore.dll
C:\Windows\SYSTEM32\MFMediaEngine.dll
C:\Windows\SYSTEM32\MFPlat.DLL
C:\Windows\SYSTEM32\MLANG.dll
C:\Windows\System32\MMDevApi.dll
C:\Windows\SYSTEM32\MPR.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\mscms.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\MSHTML.dll
C:\Windows\SYSTEM32\msi.dll
C:\Windows\SYSTEM32\msiltcfg.dll
C:\Windows\SYSTEM32\MSIMG32.dll
C:\Windows\system32\msimtf.dll
C:\Windows\SYSTEM32\msls31.dll
C:\Windows\SYSTEM32\MSRATING.dll
C:\Windows\SYSTEM32\MsSpellCheckingFacility.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\System32\msxml3.dll
C:\Windows\System32\msxml6.dll
C:\Windows\SYSTEM32\ncrypt.dll
C:\Windows\system32\ncryptsslp.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\netbios.dll
C:\Windows\SYSTEM32\netutils.dll
C:\Windows\SYSTEM32\ninput.dll
C:\Windows\system32\NLAapi.dll
C:\Windows\SYSTEM32\normaliz.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\NTASN1.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEACC.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\System32\OpcServices.DLL
C:\Windows\SYSTEM32\powrprof.dll
C:\Windows\SYSTEM32\prntvpt.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\schannel.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\shcore.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\srvcli.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\T2EMBED.DLL
C:\Windows\SYSTEM32\twinapi.dll
C:\Windows\System32\UIAnimation.dll
C:\Windows\SYSTEM32\uiautomationcore.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\user32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\webio.dll
C:\Windows\System32\Windows.Media.MediaControl.dll
C:\Windows\SYSTEM32\WindowsCodecs.dll
C:\Windows\system32\windowscodecsext.dll
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WINMMBASE.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\SYSTEM32\WinSCard.dll
C:\Windows\SYSTEM32\WINSPOOL.DRV
C:\Windows\SYSTEM32\WINTRUST.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SYSTEM32\wkscli.dll
C:\Windows\SYSTEM32\WLDAP32.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\SYSTEM32\WSOCK32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll
C:\Windows\SYSTEM32\XmlLite.dll
C:\Windows\System32\XpsGdiConverter.dll
C:\Windows\System32\XpsPrint.dll
C:\Windows\System32\xpsservices.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_bf1359a245f1cd12\comctl32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\comctl32.dll

[C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (42)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamtoast.dll
C:\Windows\SYSTEM32\actxprxy.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\System32\msxml6.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\System32\wpnapps.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll

[C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (33)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll

[C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (66)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm.DLL
C:\Windows\SYSTEM32\actxprxy.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cfgmgr32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dhcpcsvc.DLL
C:\Windows\SYSTEM32\dhcpcsvc6.DLL
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\iphlpapi.dll
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MPR.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\MSIMG32.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\System32\mswsock.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\netutils.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEACC.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\System32\rasadhlp.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\Secur32.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\srvcli.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\SYSTEM32\WindowsCodecs.dll
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\WININET.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\SYSTEM32\WinSCard.dll
C:\Windows\SYSTEM32\WINSTA.dll
C:\Windows\SYSTEM32\wkscli.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\SYSTEM32\WSOCK32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll

[C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (33)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\CFGMGR32.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\system32\propsys.dll
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SETUPAPI.dll
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\sxs.dll
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\COMCTL32.dll

[C:\Users\angbo_000\AppData\Local\Temp\Temp1_startuplist.zip\StartupList.exe (49)]
c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
C:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
C:\Windows\SYSTEM32\ADVAPI32.dll
C:\Windows\system32\apphelp.dll
C:\Windows\system32\asycfilt.dll
C:\Windows\SYSTEM32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\clbcatq.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\comdlg32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\SYSTEM32\dwmapi.dll
C:\Windows\SYSTEM32\GDI32.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\SYSTEM32\KERNEL32.DLL
C:\Windows\SYSTEM32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOMCTL.OCX
C:\Windows\SYSTEM32\MSCTF.dll
C:\Windows\SYSTEM32\msi.dll
C:\Windows\SYSTEM32\msiltcfg.dll
C:\Windows\SYSTEM32\MSVBVM60.DLL
C:\Windows\SYSTEM32\msvcrt.dll
C:\Windows\SYSTEM32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\ole32.dll
C:\Windows\SYSTEM32\OLEAUT32.dll
C:\Windows\SYSTEM32\PSAPI.DLL
C:\Windows\SYSTEM32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\SYSTEM32\SFC.DLL
C:\Windows\SYSTEM32\sfc_os.DLL
C:\Windows\SYSTEM32\SHCORE.dll
C:\Windows\SYSTEM32\SHELL32.dll
C:\Windows\SYSTEM32\SHLWAPI.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\SXS.DLL
C:\Windows\SYSTEM32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\system32\wbem\fastprox.dll
C:\Windows\system32\wbem\wbemdisp.dll
C:\Windows\system32\wbem\wbemprox.dll
C:\Windows\system32\wbem\wbemsvc.dll
C:\Windows\system32\wbem\wmiutils.dll
C:\Windows\SYSTEM32\wbemcomn.dll
C:\Windows\SYSTEM32\WS2_32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_bf1359a245f1cd12\COMCTL32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5\comctl32.DLL

--------------------

Autostart folders:

[Startup (1)]
desktop.ini

[User Startup (1)]
desktop.ini

[Common Startup (2)]
desktop.ini
McAfee Security Scan Plus.lnk

[User Common Startup (2)]
desktop.ini
McAfee Security Scan Plus.lnk

--------------------

IniMapping values:

System NT shell = explorer.exe

--------------------

On-reboot actions:

[Wininit.ini]
[Rename]
NUL=C:\Windows\system32\Macromed\Flash\Flash.ocx

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - Windows Batch File - "%1" %*
.cmd - Windows Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
.js - JavaScript File - C:\Windows\System32\WScript.exe "%1" %*
.jse - JScript Encoded File - C:\Windows\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen saver - "%1" /S
.txt - Text Document - C:\Windows\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded File - "C:\Windows\System32\WScript.exe" "%1" %*
.vbs - VBScript Script File - "C:\Windows\System32\WScript.exe" "%1" %*
.wsf - Windows Script File - "C:\Windows\System32\WScript.exe" "%1" %*
.wsh - Windows Script Host Settings File - "C:\Windows\System32\WScript.exe" "%1" %*

--------------------

Services:

[NT Services (77)]
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 = "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\audiosrv.dll,-200 = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\bfe.dll,-1001 = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\cryptsvc.dll,-1001 = C:\Windows\system32\svchost.exe -k NetworkService
@%SystemRoot%\system32\das.dll,-100 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\dhcpcore.dll,-100 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\System32\dnsapi.dll,-101 = C:\Windows\system32\svchost.exe -k NetworkService
@%systemroot%\system32\dps.dll,-500 = C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
@%systemroot%\system32\fhsvc.dll,-101 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\FirewallAPI.dll,-23090 = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
@%systemroot%\system32\FntCache.dll,-100 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\ikeext.dll,-501 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\iphlpsvc.dll,-500 = C:\Windows\System32\svchost.exe -k NetSvcs
@%SystemRoot%\system32\lmhsvc.dll,-101 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\mmcss.dll,-100 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\nlasvc.dll,-1 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\nsisvc.dll,-200 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\pcasvc.dll,-1 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\profsvc.dll,-300 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\qmgr.dll,-1000 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\samsrv.dll,-1 = C:\Windows\system32\lsass.exe
@%SystemRoot%\system32\schedsvc.dll,-100 = C:\Windows\system32\svchost.exe -k netsvcs
@%systemroot%\system32\SearchIndexer.exe,-103 = C:\Windows\system32\SearchIndexer.exe /Embedding
@%SystemRoot%\system32\Sens.dll,-200 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\shsvcs.dll,-12288 = C:\Windows\System32\svchost.exe -k netsvcs
@%systemroot%\system32\spoolsv.exe,-1 = C:\Windows\System32\spoolsv.exe
@%SystemRoot%\system32\sppsvc.exe,-101 = C:\Windows\system32\sppsvc.exe
@%systemroot%\system32\srvsvc.dll,-100 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sysmain.dll,-1000 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\themeservice.dll,-8192 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\trkwks.dll,-1 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\umpo.dll,-100 = C:\Windows\system32\svchost.exe -k DcomLaunch
@%Systemroot%\system32\wbem\wmisvc.dll,-205 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\wcmsvc.dll,-4097 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wevtsvc.dll,-200 = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wiaservc.dll,-9 = C:\Windows\system32\svchost.exe -k imgsvc
@%systemroot%\system32\wkssvc.dll,-100 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\System32\wlansvc.dll,-257 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\wscsvc.dll,-200 = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%windir%\system32\bisrv.dll,-100 = C:\Windows\system32\svchost.exe -k DcomLaunch
@%windir%\system32\lsm.dll,-1001 = C:\Windows\system32\svchost.exe -k DcomLaunch
@%windir%\system32\RpcEpMap.dll,-1001 = C:\Windows\system32\svchost.exe -k RPCSS
@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 = "C:\Program Files (x86)\Nero\Update\NASvc.exe"
@combase.dll,-5010 = C:\Windows\system32\svchost.exe -k rpcss
@combase.dll,-5012 = C:\Windows\system32\svchost.exe -k DcomLaunch
@comres.dll,-2450 = C:\Windows\system32\svchost.exe -k LocalService
@gpapi.dll,-112 = C:\Windows\system32\svchost.exe -k netsvcs
Adobe Acrobat Update Service = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
AtherosSvc = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
CCDMonitorService = C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
Dragon Service = C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
EpsonBidirectionalService = C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
IconMan_R = "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
Intel® Capability Licensing Service Interface = "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
Intel® Dynamic Application Loader Host Interface Service = C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
Intel® Management and Security Application Local Management Service = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Intel® Management and Security Application User Notification Service = "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
Intel® PROSet Monitoring Service = C:\Windows\system32\IProsetMonitor.exe
MBAMScheduler = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
MBAMService = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
McAfee Anti-Malware Core = C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
McAfee Anti-Spam Service = "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee AP Service = "C:\Program Files\McAfee\MSC\McAPExe.exe"
McAfee Application Statistics Service = "C:\Program Files\McAfee\AppStats\MfeASUM.exe"
McAfee Firewall Core Service = "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
McAfee Home Network = "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee Personal Firewall Service = "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee Platform Services = "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee Proxy Service = "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee SiteAdvisor Service = "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
McAfee Validation Trust Protection Service = "C:\Windows\system32\mfevtps.exe"
McAfee VirusScan Announcer = "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
Motorola Device Manager Service = C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Norton Online Backup = "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
PST Service = C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
Search Protect by Conduit Updater = C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
BasicDisplay.sys
BasicRender.sys
dxgkrnl.sys
FsDepends.sys
sermouse.sys
volmgr.sys
volmgrx.sys
WudfPf
WudfRd

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Enhanced Storage Devices *
{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SDA Standard Compliant SD Host Controller *
{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AppInfo
AppMgmt
BrokerInfrastructure
CryptSvc
DcomLaunch
DeviceInstall
EFS
EventLog
HelpSvc
KeyIso
LSM
Netlogon
NTDS
PlugPlay
Power
ProfSvc
RpcEptMapper
RpcSs
sacsvr
SWPRV
TabletInputService
TBS
TrustedInstaller
VDS
vmms
WinDefend
WinMgmt
WudfSvc

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
BasicDisplay.sys
BasicRender.sys
bowser
dfsc
dxgkrnl.sys
FsDepends.sys
ipnat.sys
mfefire
mfefirek
mfefirek.sys
mfehidk
mfehidk.sys
mfevtp
MPSDrv
mrxsmb
mrxsmb10
mrxsmb20
ndiscap
nsiproxy.sys
rdbss
rdpencdd.sys
sermouse.sys
SmartcardSimulator
VirtualSmartcardReader
volmgr.sys
volmgrx.sys
WudfPf
WudfRd
WudfUsbccidDriver

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Enhanced Storage Devices *
{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* IEEE 1394 Bus host controllers *
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SBP2 IEEE 1394 Devices *
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* SDA Standard Compliant SD Host Controller *
{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}

* SecurityDevices *
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

* Service *
AFD
AppInfo
AppMgmt
BFE
BrokerInfrastructure
Browser
CryptSvc
DcomLaunch
DeviceInstall
Dhcp
DnsCache
Dot3Svc
Eaphost
EFS
EventLog
HelpSvc
IKEEXT
KeyIso
LanmanServer
LanmanWorkstation
LmHosts
LSM
McMPFSvc
Messenger
MPSSvc
NativeWifiP
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
netprofm
NlaSvc
Nsi
NTDS
PlugPlay
PolicyAgent
Power
ProfSvc
rdsessmgr
RpcEptMapper
RpcSs
sacsvr
SCardSvr
SharedAccess
SWPRV
TabletInputService
TBS
Tcpip
TrustedInstaller
VaultSvc
VDS
vmms
Wcmsvc
WinDefend
WinMgmt
Wlansvc
WudfSvc

* Smart card readers *
{50DD5230-BA8A-11D1-BF5D-0000F805F530}

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* (no name) *
- Upper filters
WpdUpFltr.sys



[Device filters]
* @netrasa.inf,%mp-bh-dispname%;WAN Miniport (Network Monitor) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* @netrasa.inf,%mp-ipv6-dispname%;WAN Miniport (IPv6) *
- Lower filters
NdisTapi.sys

* @oem21.inf,%athr.devicedesc.311711ad%;Qualcomm Atheros AR5BWB222 Wireless Network Adapter *
- Upper filters
vwifibus.sys

* @oem24.inf,%vid_04ca&pid_3006%;Bluetooth USB Module *
- Upper filters
BtFilter.sys

- Lower filters
BtFilter.sys

* @oem25.inf,%btath_a2dp_snk.devicedesc%;Bluetooth Audio Device *
- Lower filters
btath_avdt.sys

* @oem32.inf,%usb\vid_046d&pid_0826.devicedesc%;Logitech USB Camera (HD Webcam C525) *
- Lower filters
CompFilter64.sys

* @oem34.inf,%usb\vid_046d&pid_0826.devicedesc%;HD Webcam C525 *
- Upper filters
lvrs64.sys

* @oem39.inf,%usbmotccgp%;Motorola USB Composite Device *
- Upper filters
MotoSwitchService.sys

* @oem42.inf,%motousbnet.devicedesc%;Motorola USB Networking Driver *
- Upper filters
MotoSwitchService.sys
BTCFilterService.sys

* @oem50.inf,%ssud.devicedesc%;SAMSUNG Mobile USB Modem *
- Lower filters
ssudmdm.sys

* @tdibth.inf,%rfcomm.displayname%;Bluetooth Device (RFCOMM Protocol TDI) *
- Upper filters
BthEnum.sys

* DSC-WX150 *
- Lower filters
WinUsb.sys

* SPH-L720 *
- Lower filters
WinUsb.sys

* XT897 *
- Lower filters
WinUsb.sys



--------------------

Print monitors (8):

EPSON WorkForce 610 Series 64MonitorBA - E_ILMFJA.DLL
EpsonNet Print Port - enppmon.dll
Local Port - localspl.dll
Microsoft Shared Fax Monitor - FXSMON.DLL
ssa3m Langmon - ssa3mlm.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll
WSD Port - WSDMon.dll

--------------------

WinLogon autoruns:

UserInit = userinit.exe,
VmApplet = SystemPropertiesPerformance.exe /pagefile

[Group policy extensions (16)]
Wireless Group Policy = wlgpclnt.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = %SystemRoot%\System32\dskquota.dll
QoS Packet Scheduler = gptext.dll
Internet Explorer Zonemapping = C:\Windows\SysWOW64\iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Internet Explorer User Accelerators = C:\Windows\SysWOW64\iedkcs32.dll
Security = scecli.dll
Deployed Printer Connections = %systemroot%\system32\gpprnext.dll
Internet Explorer Branding = C:\Windows\SysWOW64\iedkcs32.dll
802.3 Group Policy = dot3gpclnt.dll
TCPIP = gptext.dll
Internet Explorer Machine Accelerators = C:\Windows\SysWOW64\iedkcs32.dll
IP Security = %SystemRoot%\System32\polstore.dll
Enterprise QoS = gptext.dll
CP = gptext.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Ext (1)
ListBox_Support_CLSID = dword: 1



[All users]
* Primary policies *
- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems (78)
tWhiteList = Close
GeneralInfo
Quit
FirstPage
PrevPage
NextPage
LastPage
ActualSize
FitPage
FitWidth
FitHeight
SinglePage
OneColumn
TwoPages
TwoColumns
ZoomViewIn
ZoomViewOut
ShowHideBookmarks
ShowHideThumbnails
Print
GoToPage
ZoomTo
GeneralPrefs
SaveAs
FullScreenMode
OpenOrganizer
Scan
Web2PDF:OpnURL
AcroSendMail:SendMail
Spelling:Check Spelling
PageSetup
Find
FindSearch
GoBack
GoForward
FitVisible
ShowHideArticles
ShowHideFileAttachment
ShowHideAnnotManager
ShowHideFields
ShowHideOptCont
ShowHideModelTree
ShowHideSignatures
InsertPages
ExtractPages
ReplacePages
DeletePages
CropPages
RotatePages
AddFileAttachment
FindCurrentBookmark
BookmarkShowLocation
GoBackDoc
GoForwardDoc
DocHelpUserGuide
HelpReader
rolReadPage
HandMenuItem
ZoomDragMenuItem
CollectionPreview
CollectionHome
CollectionDetails
CollectionShowRoot
&Pages
Co&ntent
&Forms
Action &Wizard
Recognize &Text
P&rotection
&Sign && Certify
Doc&ument Processing
Print Pro&duction
Ja&vaScript
&Accessibility
Analy&ze
&Annotations
D&rawing Markups
Revie&w

- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultFindAttachmentPerms (73)
tSearchAttachmentsWhiteList = 3g2
3gp
3gpp
3gpp2
aac
ac3
aif
aiff
ani
asf
avi
bmp
cdr
cur
divx
djvu
doc
docx
dv
emf
eps
flv
f4v
gif
ico
iff
jbig2
jp2
jpeg
jpg
m2v
m4a
m4b
m4p
m4v
mid
mkv
mov
mpa
mp2
mp3
mp4
mts
nsv
ogg
ogm
ogv
pbm
pgm
png
ppm
ppt
pptx
ps
psd
qt
rtf
riff
svg
tif
ts
txt
ram
rm
rmvb
vob
wav
wma
wmf
wmv
xmb
xls
xlsx

- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms (105)
tBuiltInPermList = version:1
.ade:3
.adp:3
.app:3
.arc:3
.arj:3
.asp:3
.bas:3
.bat:3
.bz:3
.bz2:3
.cab:3
.chm:3
.class:3
.cmd:3
.com:3
.command:3
.cpl:3
.crt:3
.csh:3
.desktop:3
.dll:3
.exe:3
.fxp:3
.gz:3
.hex:3
.hlp:3
.hqx:3
.hta:3
.inf:3
.ini:3
.ins:3
.isp:3
.its:3
.job:3
.js:3
.jse:3
.ksh:3
.lnk:3
.lzh:3
.mad:3
.maf:3
.mag:3
.mam:3
.maq:3
.mar:3
.mas:3
.mat:3
.mau:3
.mav:3
.maw:3
.mda:3
.mdb:3
.mde:3
.mdt:3
.mdw:3
.mdz:3
.msc:3
.msi:3
.msp:3
.mst:3
.ocx:3
.ops:3
.pcd:3
.pi:3
.pif:3
.prf:3
.prg:3
.pst:3
.rar:3
.reg:3
.scf:3
.scr:3
.sct:3
.sea:3
.shb:3
.shs:3
.sit:3
.tar:3
.taz:3
.tgz:3
.tmp:3
.url:3
.vb:3
.vbe:3
.vbs:3
.vsmacros:3
.vss:3
.vst:3
.vsw:3
.webloc:3
.ws:3
.wsc:3
.wsf:3
.wsh:3
.z:3
.zip:3
.zlo:3
.zoo:3
.pdf:2
.fdf:2
.jar:3
.pkg:3
.tool:3
.term:3

- Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms (32)
tFlashContentSchemeWhiteList = http
https
ftp
rtmp
rtmpe
rtmpt
rtmpte
rtmps
mailto
tSponsoredContentSchemeWhiteList = http
https
tSchemePerms = version:2
shell:3
hcp:3
ms-help:3
ms-its:3
ms-itss:3
its:3
mk:3
mhtml:3
help:3
disk:3
afp:3
disks:3
telnet:3
ssh:3
acrobat:2
mailto:2
file:1
rlogin:3
javascript:4
data:3

- Software\Policies\Microsoft\Peernet (1)
Disabled = dword: 0

- Software\Policies\Microsoft\Windows\EnhancedStorageDevices (1)
TCGSecurityActivationDisabled = dword: 0

- Software\Policies\Microsoft\Windows\Installer (1)
Logging = iwmoe

- Software\Policies\Microsoft\Windows\Network Connections (1)
NC_PersonalFirewallConfig = dword: 0

- Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator (1)
@ =

- Software\Policies\Microsoft\Windows\safer\codeidentifiers (1)
authenticodeenabled = dword: 0

- Software\Policies\Microsoft\Windows\WcmSvc\Local (4)
fBlockRoaming = dword: 0
fBlockNonDomain = dword: 0
fDisablePowerManagement = dword: 0
fMinimizeConnections = dword: 1

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client (3)
fEnableUsbNoAckIsochWriteToDevice = dword: 80
fEnableUsbBlockDeviceBySetupClass = dword: 1
fEnableUsbSelectDeviceByInterface = dword: 1

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses (1)
1000 = {3376f4ce-ff8d-40a2-a80f-bb4359d1415c}

- Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces (1)
1000 = {6bdd1fc6-810f-11d0-bec7-08002be2092f}

- Software\Policies\Microsoft\Windows NT\Windows File Protection (1)
KnownDllList = nlhtml.dll

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop (2)
NoComponents = dword: 1
NoAddingComponents = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\Attachments (1)
ScanWithAntiVirus = dword: 3

- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (3)
ForceActiveDesktopOn = dword: 0
NoActiveDesktopChanges = dword: 1
NoActiveDesktop = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\System (18)
EnableVirtualization = dword: 1
EnableInstallerDetection = dword: 1
PromptOnSecureDesktop = dword: 1
EnableLUA = dword: 1
EnableSecureUIAPaths = dword: 1
ConsentPromptBehaviorAdmin = dword: 5
ValidateAdminCodeSignatures = dword: 0
EnableUIADesktopToggle = dword: 0
EnableCursorSuppression = dword: 1
ConsentPromptBehaviorUser = dword: 3
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
scforceoption = dword: 0
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1
FilterAdministratorToken = dword: 0
DisableCAD = dword: 1

- Software\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats (7)
CF_UNICODETEXT = dword: 13
CF_DIBV5 = dword: 17
CF_PALETTE = dword: 9
CF_BITMAP = dword: 2
CF_TEXT = dword: 1
CF_DIB = dword: 8
CF_OEMTEXT = dword: 7



--------------------

Browser Helper Objects (5):

Connect DLC 5 = {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} = C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll
Groove GFS Browser Helper = {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
McAfee SiteAdvisor BHO = {B164E929-A1B6-4A06-B104-2CD0E90A88FF} = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
RoboForm BHO = {724d43a9-0d85-11d4-9908-00400523e39a} = C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
URLRedirectionBHO = {B4F3A835-0E21-4959-BA22-42B3008E02FF} = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

--------------------

ActiveX objects (4):

DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[All users (2)]
McAfee SiteAdvisor - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll

[This user]
* ShellBrowser (1) *
(no name) - ITBar7Layout - (no file)

* WebBrowser (1) *
&RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll


--------------------

Internet Explorer buttons/tools (5):

Send to OneNote - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
OneNote Lin&ked Notes - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

--------------------

Internet Explorer menu extensions:

[This user (6)]
Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

--------------------

Internet Explorer Bands (3):

Groove Folder Synchronization - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\Windows\SysWOW64\ieframe.dll
- {EFA24E64-B078-11D0-89E4-00C04FC9E26E} -

--------------------

Downloaded Program Files (2):

Garmin Communicator Plug-In - Garmin Communicator Plug-In - (no file) - https://static.garmi...xControl_32.CAB
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\Windows\SysWow64\Adobe\Director\SwDir_1204144.dll - http://download.macr...director/sw.cab

--------------------

URL search hooks:

[This user (2)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll

--------------------

Explorer clones:

C:\Windows\explorer.exe
C:\Windows\system32\explorer.exe

--------------------

ContextMenuHandlers:

[* (7)]
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = C:\Windows\system32\syncui.dll
NeroShellExt Class = {F764812A-132C-4013-9960-5CBBEB408A0E} = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\Windows\system32\shell32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\Windows\system32\shell32.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\Windows\system32\ntshrui.dll
Taskband Pin = {90AA3A4E-1CBA-4233-B8BB-535773D48449} = C:\Windows\system32\shell32.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

[Drive (6)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = C:\Windows\system32\diskcopy.dll
NeroShellExt Class = {F764812A-132C-4013-9960-5CBBEB408A0E} = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\Windows\system32\wpdshext.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\Windows\system32\twext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\Windows\system32\ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\Windows\system32\shell32.dll

[Folder (3)]
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = C:\Windows\system32\syncui.dll
Library Location = {3dad6c5d-2167-4cae-9914-f99e41c12cfa} = C:\Windows\system32\shell32.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\Windows\system32\zipfldr.dll

[Directory (5)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\Windows\system32\shell32.dll
NeroShellExt Class = {F764812A-132C-4013-9960-5CBBEB408A0E} = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\Windows\system32\twext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\Windows\system32\ntshrui.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

[Directory\Background (3)]
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\Windows\system32\shell32.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = C:\Windows\system32\ntshrui.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = C:\Windows\SysWOW64\ieframe.dll

[AllFileSystemObjects (6)]
CopyAsPathMenu = {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} = C:\Windows\system32\shell32.dll
MWLIVShellExt = {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} = C:\Program Files (x86)\EgisTec MyWinLocker\MWLIVShellExt.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\Windows\system32\twext.dll
SendTo = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\Windows\system32\shell32.dll
ShredderContextMenu = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

--------------------

ColumnHandlers (1):

PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

--------------------

ShellExecuteHooks (1):

Groove GFS Stub Execution Hook = {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

--------------------

Approved Shell Extensions:

[All users (40)]
.contact shell extension handler - {8082C5E6-4C27-48ec-A809-B8E1122E8F97} - %CommonProgramFiles%\System\wab32.dll
.group shell extension handler - {4F58F63F-244B-4c07-B29F-210BE59BE9B4} - %CommonProgramFiles%\System\wab32.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} - {506F4668-F13E-4AA1-BB04-B43203AB3CC0} - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} - {D66DC78C-4F61-447F-942B-3FB6980118CF} - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\Windows\SysWOW64\webcheck.dll
contact_wab_auto_file - {CF67796C-F57F-45F8-92FB-AD698826C602} - %CommonProgramFiles%\System\wab32.dll
Contacts folder - {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} -
DLNA Namespace Extension - {289AF617-1CC3-42A6-926C-E6A863F0E3BA} - C:\Windows\SysWOW64\dlnashext.dll
Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove GFS Context Menu Handler - {6C467336-8281-4E60-8204-430CED96822D} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove GFS Explorer Bar - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove GFS Stub Icon Handler - {A449600E-1DC6-4232-B948-9BD794D62056} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove Namespace Extension - {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Groove XML Icon Handler - {387E725D-DC16-4D76-B310-2C93ED4752A0} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
group_wab_auto_file - {16C2C29D-0E5F-45f3-A445-03E03F587B7D} - %CommonProgramFiles%\System\wab32.dll
Microsoft Camera Raw Property Store - {3DBEE9A1-C471-4B95-BBCA-F39310064458} - C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
Microsoft OneNote Namespace Extension for Windows Desktop Search - {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
Microsoft Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
Microsoft Windows Mail Html Preview Handler - {92dbad9f-5025-49b0-9078-2d78f935e341} - C:\Windows\SysWOW64\inetcomm.dll
Microsoft Windows Mail Html Preview Handler - {b9815375-5d7f-4ce2-9245-c9d4da436930} - C:\Windows\SysWOW64\inetcomm.dll
Microsoft Windows Mail Html Preview Handler - {BFD468D2-D0A0-4bdc-878C-E69C2F5B435D} - C:\Windows\SysWOW64\inetcomm.dll
Microsoft Windows Mail Html Preview Handler - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - C:\Windows\SysWOW64\inetcomm.dll
Nero Shell Extension - {F764812A-132C-4013-9960-5CBBEB408A0E} - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\Windows\SysWOW64\wshext.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\Windows\SysWOW64\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\Windows\SysWOW64\webcheck.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\Windows\SysWOW64\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll
Windows Contact Preview Handler - {13D3C4B8-B179-4ebb-BF62-F704173E7448} - %CommonProgramFiles%\System\wab32.dll

--------------------

Registry 'Run' keys:

[User Run]
BackgroundContainer = "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angbo_000\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
DW7 = "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
ISUSPM = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
RoboForm = "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
WinPatrol = C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
WorkForce 610(Network) = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S8C2E.tmp" /EF "HKCU"

[System Run]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
DNS7reminder = "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
EEventManager = C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mcpltui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Norton Online Backup = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Starter = C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe

--------------------

Protocols:

[Pluggable MIME filters (5)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\Windows\SysWOW64\mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\Windows\SysWOW64\mscoree.dll
application/x-mfe-ipt = {3EF5086B-5478-4598-A054-786C45D75692} = c:\PROGRA~2\mcafee\msc\mcsniepl.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\Windows\SysWOW64\mscoree.dll
text/xml = {807573E5-5146-11D5-A672-00B0D022E945} = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

[Protocol handlers (20)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\Windows\SysWOW64\urlmon.dll
dssrequest = {5513F07E-936B-4E52-9B00-067394E91CC5} = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\Windows\SysWOW64\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\Windows\SysWOW64\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\Windows\SysWOW64\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\Windows\SysWOW64\urlmon.dll
ms-help = {314111c7-a502-11d2-bbca-00c04f8ec294} = C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\Windows\SysWOW64\itss.dll
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll
sacore = {5513F07E-936B-4E52-9B00-067394E91CC5} = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\Windows\SysWOW64\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\Windows\SysWOW64\mshtml.dll

--------------------

WOW compatibility:

[KnownDlls (32-bit) (32)]
advapi32.dll
clbcatq.dll
combase.dll
COMDLG32.dll
difxapi.dll
gdi32.dll
gdiplus.dll
IERTUTIL.dll
IMAGEHLP.dll
IMM32.dll
kernel32.dll
LPK.dll
MSCTF.dll
MSVCRT.dll
NORMALIZ.dll
NSI.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
rpcrt4.dll
sechost.dll
Setupapi.dll
SHELL32.dll
SHLWAPI.dll
URLMON.dll
user32.dll
WININET.dll
WLDAP32.dll
Wow64.dll
Wow64cpu.dll
Wow64win.dll
WS2_32.dll

--------------------

Winsock LSP:

[Protocols (9)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\Windows\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\Windows\system32\mswsock.dll
MSAFD Tcpip [TCP/IPv6] - {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} - C:\Windows\system32\mswsock.dll
MSAFD Tcpip [UDP/IPv6] - {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} - C:\Windows\system32\mswsock.dll
RSVP TCPv6 Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\Windows\system32\mswsock.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\Windows\system32\mswsock.dll
RSVP UDPv6 Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\Windows\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\Windows\system32\mswsock.dll
MSAFD RfComm [Bluetooth] - {9FC48064-7298-43E4-B7BD-181F2089792A} - C:\Windows\system32\mswsock.dll

[Namespace Providers (7)]
E-mail Naming Shim Provider - {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} -
PNRP Cloud Namespace Provider - {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} -
PNRP Name Namespace Provider - {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} -
Network Location Awareness Legacy (NLAv1) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} -
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} -
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} -
Bluetooth Namespace - {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D} - C:\Windows\system32\wshbth.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Default_Page_Url = http://acer13.msn.com
Local Page = C:\Windows\system32\blank.htm
Search Page = http://go.microsoft....k/?LinkId=54896
Start Page = https://us-mg6.mail....d=b7kgkshafvve0

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://go.microsoft..../?LinkId=255141
Default_Search_Url = http://go.microsoft....k/?LinkId=54896
Local Page = C:\Windows\SysWOW64\blank.htm
Search Page = http://go.microsoft....k/?LinkId=54896
Start Page = http://go.microsoft..../?LinkId=255141

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
PostNotCached = res://ieframe.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\Windows\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[ActiveX killbits (172)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\Windows\system32\explorerframe.dll
(no name) - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\Windows\system32\stobject.dll
(no name) - {53C74826-AB99-4D33-ACA4-3117F51D3788} - C:\Windows\system32\shell32.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\Windows\system32\clbcatq.dll
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\Windows\SysWOW64\catsrvut.dll
(no name) - {FEF10FA2-355E-4E06-9381-9B24D7F7CC88} - C:\Windows\system32\shell32.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
ActiveMovie Filter Class Manager - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\Windows\SysWOW64\devenum.dll
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files (x86)\Common Files\System\ado\msado15.dll
Analog Audio Component Type - {28AB0005-E845-4FFA-AA9B-F4665236141C} - C:\Windows\SysWOW64\msvidctl.dll
ATSC Tune Request Location Information - {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} - C:\Windows\SysWOW64\msvidctl.dll
Audio Renderers Collection Class - {C5702CCF-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Data Services Feature Segment - {334125C0-77E5-11d3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuner Device Segment - {A2E3074E-6C3D-11D3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog Locator - {49638B91-48AB-48B7-A47A-7D0E75A08EDE} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog Radio Tuning Space - {8A674B4C-1F63-11D3-B64C-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Analog TV Tuning Space - {8A674B4D-1F63-11D3-B64C-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Channel Tune Request - {0369B4E6-45B6-11D3-B650-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Component Type Class (Broadcast Substream Type) - {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model ATSC Tuning Space - {A2E30750-6C3D-11D3-B653-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Auxiliary Inputs Tuning Space - {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel ID Tune Request - {3A9428A7-31A4-45E9-9EFB-E055BF7BB3DB} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel ID Tuning Space - {CC829A2F-3365-463F-AF13-81DBB6F3A555} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Channel Tune Request - {0369B4E5-45B6-11D3-B650-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Component Class(Broadcast Substream) - {59DC47A8-116C-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Component Type Class (Broadcast Substream Type) - {823535A0-0318-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Locator - {03C06416-D127-407A-AB4C-FDD279ABBE5D} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Tune Request - {26EC0B63-AA90-458A-8DF4-5659F2C8A18A} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Digital Cable Tuning Space - {D9BB4CEE-B87A-47F1-AC92-B08D9C7813FC} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Cable Locator - {C531D9FD-9685-4028-8B68-6E1232079F1E} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Satellite Locator - {1DF7D126-4050-47F0-A7CF-4C4CA9241333} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Terrestrial Locator - {9CD64701-BDF3-4D14-8E03-F12983D86664} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Tune Request - {15D6504A-5494-499C-886C-973C9E53B9F1} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB Tuning Space - {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model DVB-Satellite Tuning Space - {B64016F3-C9A2-4066-96F0-BD9563314726} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model Language Component Type Class (Broadcast Substream Type) - {1BE49F30-0E1B-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Component Class (Broadcast Substream) - {055CB2D7-2969-45CD-914B-76890722F112} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Component Type Class (Broadcast Substream Type) - {418008F3-CF67-4668-9628-10DC52BE1D08} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Tune Request - {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} - C:\Windows\SysWOW64\msvidctl.dll
BDA Tuning Model MPEG2 Tune Request Factory - {2C63E4EB-4CEA-41B8-919C-E947EA19A77C} - C:\Windows\SysWOW64\msvidctl.dll
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - C:\Windows\system32\syncui.dll
cfw Class - {ECABAFC0-7F19-11D2-978E-0000F8757E2A} - C:\Windows\SysWOW64\comsvcs.dll
Closed Captions Analysis Feature Segment - {86151827-E47B-45EE-8421-D10E6E690979} - C:\Windows\SysWOW64\msvidctl.dll
ColleagueImportAddIn Class - {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\ColleagueImport.dll
Collection of all the available BDA Tuning Model Tuning Space objects on this system - {D02AAC50-027E-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
Collection of BDA Tuning Model Component Types(Broadcast Substream Types) - {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} - C:\Windows\SysWOW64\msvidctl.dll
Collection of BDA Tuning Model Components(Broadcast Substreams) - {809B6661-94C4-49E6-B6EC-3F0F862215AA} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Data Services to Time Shift Sink - {38F03426-E83B-4E68-B65B-DCAE73304838} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Encoder to Time Shift Sink - {A0B9B497-AFBC-45AD-A8A6-9B077C40D4F2} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from iTV to Stream Buffer Source - {92B94828-1AF7-4E6E-9EBF-770657F77AF5} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Legacy Analog Tv Tuner Device Segment to Data Services Feature Segment - {C5702CD6-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from Legacy Analog Tv Tuner Device Segment to Standard Video Renderer Device Segment - {E18AF75A-08AF-11D3-B64A-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Custom Composition Segment from WebDVD Device Segment to Standard Video Renderer Device Segment - {267DB0B3-55E3-4902-949B-DF8F5CEC0191} - C:\Windows\SysWOW64\msvidctl.dll
Developer Tools - {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
Developer Tools - {8FE85D00-4647-40B9-87E4-5EB8A52F4759} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
DigitalCable Class - {ABBA001B-3075-11D6-88A4-00B0D0200F88} - C:\Windows\SysWOW64\psisdecd.dll
DirectSR Class - {4E3D9D1F-0C63-11D1-8BFB-0060081841DE} - C:\Windows\speech\Xlisten.dll
DirectSS Class - {EEE78591-FE22-11D0-8BEF-0060081841DE} - C:\Windows\speech\XVoice.dll
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Windows\SysWOW64\qedit.dll
Encoder Feature Segment - {BB530C63-D9DF-4B49-9439-63453962E598} - C:\Windows\SysWOW64\msvidctl.dll
Features Collection Class - {C5702CD0-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
File Playback Device Segment - {37B0353C-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Generic Graph Composition Segment - {2764BCE5-CC39-11D2-B639-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Generic Sink Segment - {4A5869CF-929D-4040-AE03-FCAFC5B9CD42} - C:\Windows\SysWOW64\msvidctl.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\Windows\SysWOW64\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\Windows\SysWOW64\hhctrl.ocx
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
Input Devices Collection Class - {C5702CCC-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
iTV Capture Feature Segment - {5740A302-EF0B-45CE-BF3B-4470A14A8980} - C:\Windows\SysWOW64\msvidctl.dll
iTV Playback Feature Segment - {9E797ED0-5253-4243-A9B7-BD06C58F8EF3} - C:\Windows\SysWOW64\msvidctl.dll
Legacy Analog TV Tuner Device Segment - {1C15D484-911D-11D2-B632-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
LexRefBilingualTextContext Class - {75C11604-5C51-48B2-B786-DF5E51D10EC9} - C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\MSB1CORE.DLL
LexRefStEsObject Class - {4CFB5280-800B-4367-848F-5A13EBF27F1D} - C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL
LexRefStFrObject Class - {B3E0E785-BD78-4366-9560-B7DABE2723BE} - C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
LW Identities - {A9AE6C91-1D1B-11D2-B21A-00C04FA357FA} - C:\Windows\system32\msident.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\Windows\SysWOW64\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\Windows\SysWOW64\comsvcs.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\Windows\system32\explorerframe.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\Windows\SysWOW64\ieframe.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\Windows\SysWOW64\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Microsoft ImageComboBox Control, version 6.0 - {DD9DA666-8594-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ImageList Control, version 6.0 - {2C247F23-8591-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ImageList Control, version 6.0 - {F91CAF91-225B-43A7-BB9E-472F991FC402} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ListView Control 6.0 (SP6) - {979127D3-7D01-4FDE-AF65-A698091468AF} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ListView Control, version 6.0 - {996BF5E0-8044-4650-ADEB-0B013914E99C} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ListView Control, version 6.0 - {BDD1F04B-858B-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft ProgressBar Control, version 6.0 - {35053A22-8589-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft RDP Client Control (redistributable) - version 3 - {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} - C:\Windows\system32\mstscax.dll
Microsoft RDP Client Control (redistributable) - version 4 - {7584c670-2274-4efb-b00b-d6aaba6d3850} - C:\Windows\system32\mstscax.dll
Microsoft RDP Client Control (redistributable) - version 5 - {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} - C:\Windows\system32\mstscax.dll
Microsoft Slider Control, version 6.0 - {F08DF954-8592-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft StatusBar Control, version 6.0 - {627C8B79-918A-4C5C-9E19-20F66BF30B86} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft StatusBar Control, version 6.0 - {8E3867A3-8586-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft TabStrip Control, version 6.0 - {1EFB6596-857C-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft TabStrip Control, version 6.0 - {24B224E0-9545-4A2F-ABD5-86AA8A849385} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft Toolbar Control, version 6.0 - {66833FE6-8583-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft Toolbar Control, version 6.0 - {7DC6F291-BF55-4E50-B619-EF672D9DCC58} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft TreeView Control, version 6.0 - {9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E} - C:\Windows\SysWOW64\MSCOMCTL.OCX
Microsoft TreeView Control, version 6.0 - {C74190B6-8589-11D1-B16A-00C0F0283628} - C:\Windows\SysWOW64\MSCOMCTL.OCX
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\Windows\SysWOW64\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\Windows\SysWOW64\amstream.dll
MS TV Video Control - {B0EDF163-910A-11D2-B632-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
MS Video Control Closed Captioning Feature Segment - {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} - C:\Windows\SysWOW64\msvidctl.dll
MS Video Control Closed Captioning SI Feature Segment - {92ED88BF-879E-448F-B6B6-A385BCEB846D} - C:\Windows\SysWOW64\msvidctl.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\Windows\SysWOW64\wavemsp.dll
MSVidCtl Analog Capture to Encoder Composition Segment - {28953661-0231-41DB-8986-21FF4388EE9B} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Analog Capture to XDS Composition Segment - {3540D440-5B1D-49CB-821A-E84B8CF065A7} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Analog TV to StreamBufferSource Composition Segment - {9F50E8B1-9530-4DDC-825E-1AF81D47AED6} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl CC to Audio Renderer Composition Segment - {D76334CA-D89E-4BAF-86AB-DDB59372AFC2} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl CC to Video Renderer Composition Segment - {C4BF2784-AE00-41BA-9828-9C953BD3C54A} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to CCA Composition Segment - {73D14237-B9DB-4EFA-A6DD-84350421FB2F} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to iTV Composition Segment - {5D8E73F7-4989-4AC8-8A98-39BA0D325302} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Digital TV to StreamBufferSource Composition Segment - {ABE40035-27C3-4A2F-8153-6624471608AF} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl DVD to Audio Renderer Composition Segment - {8D04238E-9FD1-41C6-8DE3-9E1EE309E935} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Enhanced Video Renderer(DX10) Segment - {C45268A2-FA81-4E19-B1E3-72EDBD60AEDA} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl FilePlayback to Audio Renderer Composition Segment - {CC23F537-18D4-4ECE-93BD-207A84726979} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl FilePlayback to Video Renderer Composition Segment - {B401C5EB-8457-427F-84EA-A4D2363364B0} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl MPEG2 Decoder to Closed Captioning Composition Segment - {6AD28EE1-5002-4E71-AAF7-BD077907B1A4} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to Closed Caption Composition Segment - {9193A8F9-0CBA-400E-AA97-EB4709164576} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to iTV Composition Segment - {2291478C-5EE3-4BEF-AB5D-B5FF2CF58352} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl SBE Source to Video Mixing Renderer Composition Segment - {3C4708DC-B181-46A8-8DA8-4AB0371758CD} - C:\Windows\SysWOW64\msvidctl.dll
MSVidCtl Stream Buffer Source To Generic Sink Composition segment - {991DA7E5-953F-435B-BE5E-B92A05EDFC42} - C:\Windows\SysWOW64\msvidctl.dll
MTSEvents Class - {ECABB0AB-7F19-11D2-978E-0000F8757E2A} - C:\Windows\SysWOW64\comsvcs.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\Windows\System32\netshell.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\Windows\System32\netshell.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
Output Devices Collection Class - {C5702CCD-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\Windows\system32\shell32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\Windows\SysWOW64\comsvcs.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\Windows\SysWOW64\scrrun.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\Windows\system32\shell32.dll
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\Windows\SysWow64\Adobe\Director\SwDir_1204144.dll
Shortcut - {00021401-0000-0000-C000-000000000046} - C:\Windows\SysWOW64\shell32.dll
SpSharedRecoContext Class - {47206204-5ECA-11D2-960F-00C04F8EE628} - C:\Windows\System32\Speech\Common\sapi.dll
SpSharedRecognizer Class - {3BEE4890-4FE9-4A37-8C1E-5E7E12791C1F} - C:\Windows\System32\Speech\Common\sapi.dll
Standard Audio Renderer Device Segment - {37B03544-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Standard Video Renderer Device Segment - {37B03543-A4C8-11D2-B634-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Recording Control Object - {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Sink Segment - {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer Source - {AD8E510D-217F-409B-8076-29C5E73B98E8} - C:\Windows\SysWOW64\msvidctl.dll
Stream Buffer V2 Source - {FD351EA1-4173-4AF4-821D-80D4AE979048} - C:\Windows\SysWOW64\MSVidCtl.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\Windows\System32\sysmon.ocx
Tablet Tip Soft Keyboard Skin Class - {E94137E0-92ED-4579-9251-18AF2A08CCD1} - %CommonProgramFiles%\microsoft shared\ink\tipskins.dll
Trident HTMLEditor - {3050F4F5-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtmled.dll
Utility Object for Binding Events SubObjects in Script Variables - {577FAA18-4518-445E-8F70-1473F8CF4BA4} - C:\Windows\SysWOW64\msvidctl.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\Windows\SysWOW64\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\Windows\SysWOW64\qedit.dll
Video Mixing Renderer 9 - {51B4ABF3-748F-4E3B-A276-C828330E926A} - C:\Windows\SysWOW64\quartz.dll
Video Mixing Renderer 9 Device Segment - {24DC3975-09BF-4231-8655-3EE71F43837D} - C:\Windows\SysWOW64\msvidctl.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\Windows\SysWOW64\termmgr.dll
Video Renderers Collection Class - {C5702CCE-9B79-11D3-B654-00C04F79498E} - C:\Windows\SysWOW64\msvidctl.dll
VideoPort Object - {CE292861-FC88-11D0-9E69-00C04FD7C15B} - C:\Windows\SysWOW64\qdvd.dll
VMR Allocator Presenter 9 - {2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64} - C:\Windows\SysWOW64\quartz.dll
VMR ImageSync 9 - {E4979309-7A32-495E-8A92-7B014AAD4961} - C:\Windows\SysWOW64\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\Windows\SysWOW64\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\Windows\SysWOW64\devenum.dll
WebDVD Adminitration class - {FA7C375B-66A7-4280-879D-FD459C84BB02} - C:\Windows\SysWOW64\msvidctl.dll
WebDVD Device Segment - {011B3619-FE63-4814-8A84-15A194CE9CE3} - C:\Windows\SysWOW64\msvidctl.dll
Windows Mail Address Book - {233A9694-667E-11d1-9DFB-006097D50408} - %ProgramFiles%\Windows Mail\msoe.dll
XDS Feature Segment - {0149EEDF-D08F-4142-8D73-D23903D21E90} - C:\Windows\SysWOW64\msvidctl.dll

[Stopped/disabled NT Services]
* Stopped (115) *
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 = "%ProgramFiles%\Windows Defender\MsMpEng.exe"
@%SystemRoot%\servicing\TrustedInstaller.exe,-100 = C:\Windows\servicing\TrustedInstaller.exe
@%SystemRoot%\system32\aelupsvc.dll,-1 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\Alg.exe,-112 = C:\Windows\System32\alg.exe
@%systemroot%\system32\appidsvc.dll,-100 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\appinfo.dll,-100 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\AUInstallAgent.dll,-101 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\AxInstSV.dll,-103 = C:\Windows\system32\svchost.exe -k AxInstSVGroup
@%SystemRoot%\system32\bdesvc.dll,-100 = C:\Windows\System32\svchost.exe -k netsvcs
@%systemroot%\system32\browser.dll,-100 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\bthserv.dll,-101 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\System32\certprop.dll,-11 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\certprop.dll,-13 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\defragsvc.dll,-101 = C:\Windows\system32\svchost.exe -k defragsvc
@%SystemRoot%\system32\DeviceSetupManager.dll,-1000 = C:\Windows\system32\svchost.exe -k netsvcs
@%systemroot%\system32\dot3svc.dll,-1102 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\eapsvc.dll,-1 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\efssvc.dll,-100 = C:\Windows\System32\lsass.exe
@%systemroot%\system32\fdPHost.dll,-100 = C:\Windows\system32\svchost.exe -k LocalService
@%systemroot%\system32\fdrespub.dll,-100 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%systemroot%\system32\fxsresm.dll,-118 = C:\Windows\system32\fxssvc.exe
@%SystemRoot%\System32\hidserv.dll,-101 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\ipnathlp.dll,-106 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\iscsidsc.dll,-5000 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\kmsvc.dll,-6 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\ListSvc.dll,-100 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\lltdres.dll,-1 = C:\Windows\System32\svchost.exe -k LocalService
@%systemroot%\system32\Locator.exe,-2 = C:\Windows\system32\locator.exe
@%systemroot%\system32\mmcss.dll,-102 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\msimsg.dll,-27 = C:\Windows\system32\msiexec.exe /V
@%SystemRoot%\system32\ncasvc.dll,-3009 = C:\Windows\System32\svchost.exe -k NetSvcs
@%SystemRoot%\system32\NcdAutoSetup.dll,-100 = C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\System32\netlogon.dll,-102 = C:\Windows\system32\lsass.exe
@%SystemRoot%\system32\netman.dll,-109 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\netprofmsvc.dll,-202 = C:\Windows\System32\svchost.exe -k LocalService
@%SystemRoot%\system32\p2psvc.dll,-8006 = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
@%systemroot%\system32\pla.dll,-500 = C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
@%SystemRoot%\system32\pnrpauto.dll,-8002 = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\system32\pnrpsvc.dll,-8000 = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\system32\pnrpsvc.dll,-8004 = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
@%SystemRoot%\System32\polstore.dll,-5010 = C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
@%SystemRoot%\system32\PresentationHost.exe,-3309 = C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
@%SystemRoot%\System32\provsvc.dll,-100 = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\qagentrt.dll,-6 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\qwave.dll,-1 = %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%Systemroot%\system32\rasauto.dll,-200 = C:\Windows\System32\svchost.exe -k netsvcs
@%Systemroot%\system32\rasmans.dll,-200 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\sdrsvc.dll,-107 = C:\Windows\system32\svchost.exe -k SDRSVC
@%SystemRoot%\system32\seclogon.dll,-7001 = %windir%\system32\svchost.exe -k netsvcs
@%SystemRoot%\System32\sensrsvc.dll,-1000 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\System32\SessEnv.dll,-1026 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\system32\snmptrap.exe,-3 = C:\Windows\System32\snmptrap.exe
@%systemroot%\system32\ssdpsrv.dll,-100 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\sstpsvc.dll,-200 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\System32\StorSvc.dll,-100 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\svsvc.dll,-101 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\swprv.dll,-103 = C:\Windows\System32\svchost.exe -k swprv
@%SystemRoot%\system32\TabSvc.dll,-100 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\tapisrv.dll,-10100 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\System32\termsrv.dll,-268 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\ui0detect.exe,-101 = C:\Windows\system32\UI0Detect.exe
@%SystemRoot%\system32\umpnpmgr.dll,-100 = C:\Windows\system32\svchost.exe -k DcomLaunch
@%SystemRoot%\system32\umpnpmgr.dll,-200 = C:\Windows\system32\svchost.exe -k DcomLaunch
@%SystemRoot%\system32\umrdp.dll,-1000 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\upnphost.dll,-213 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\vaultsvc.dll,-1003 = C:\Windows\system32\lsass.exe
@%SystemRoot%\system32\vds.exe,-100 = C:\Windows\System32\vds.exe
@%systemroot%\system32\vmicres.dll,-101 = C:\Windows\system32\svchost.exe -k ICService
@%systemroot%\system32\vmicres.dll,-201 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\vmicres.dll,-301 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\vmicres.dll,-401 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%systemroot%\system32\vmicres.dll,-501 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\vmicres.dll,-601 = C:\Windows\system32\svchost.exe -k ICService
@%systemroot%\system32\vssvc.exe,-102 = C:\Windows\system32\vssvc.exe
@%SystemRoot%\system32\w32time.dll,-200 = C:\Windows\system32\svchost.exe -k LocalService
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 = C:\Windows\system32\wbem\WmiApSrv.exe
@%systemroot%\system32\wbengine.exe,-104 = "C:\Windows\system32\wbengine.exe"
@%systemroot%\system32\wbiosrvc.dll,-100 = C:\Windows\system32\svchost.exe -k WbioSvcGroup
@%SystemRoot%\system32\wcncsvc.dll,-3 = C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
@%SystemRoot%\system32\WcsPlugInService.dll,-200 = C:\Windows\system32\svchost.exe -k wcssvc
@%systemroot%\system32\wdi.dll,-500 = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
@%systemroot%\system32\wdi.dll,-502 = C:\Windows\System32\svchost.exe -k LocalService
@%systemroot%\system32\webclnt.dll,-100 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\wecsvc.dll,-200 = C:\Windows\system32\svchost.exe -k NetworkService
@%SystemRoot%\System32\wercplsupport.dll,-101 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\wersvc.dll,-100 = C:\Windows\System32\svchost.exe -k WerSvcGroup
@%SystemRoot%\system32\wiarpc.dll,-2 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\system32\winhttp.dll,-100 = C:\Windows\system32\svchost.exe -k LocalService
@%SystemRoot%\system32\wlidsvc.dll,-100 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\wpcsvc.dll,-100 = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
@%SystemRoot%\system32\wpdbusenum.dll,-100 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%Systemroot%\system32\wsmsvc.dll,-101 = C:\Windows\System32\svchost.exe -k NetworkService
@%SystemRoot%\system32\WSService.dll,-103 = C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
@%systemroot%\system32\wuaueng.dll,-105 = C:\Windows\system32\svchost.exe -k netsvcs
@%SystemRoot%\system32\wudfsvc.dll,-1000 = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
@%SystemRoot%\System32\wwansvc.dll,-257 = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
@%systemroot%\sysWow64\perfhost.exe,-2 = C:\Windows\SysWow64\perfhost.exe
@%windir%\system32\SystemEventsBrokerServer.dll,-1001 = C:\Windows\system32\svchost.exe -k netsvcs
@%windir%\system32\TimeBrokerServer.dll,-1001 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll,-1 = C:\Windows\system32\svchost.exe -k print
@comres.dll,-2797 = C:\Windows\System32\msdtc.exe
@comres.dll,-2946 = C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
@comres.dll,-947 = C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
@keyiso.dll,-100 = C:\Windows\system32\lsass.exe
EgisTec Ticket Service = C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
ePower Service = "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
GamesAppService = "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
Intel® Content Protection HECI Service = C:\Windows\SysWow64\IntelCpHeciSvc.exe
McAfee Activation Service = c:\PROGRA~1\mcafee\msc\mcawfwk.exe
McAfee Scanner = "C:\Program Files\mcafee\VirusScan\mcods.exe"
McAfee Security Scan Component Host Service = "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe"
Microsoft SharePoint Workspace Audit Service = "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
Mozilla Maintenance Service = "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Office Source Engine = "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Office Software Protection Platform = "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

* Stopped & disabled (6) *
@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201 = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
@%Systemroot%\system32\mprdim.dll,-200 = C:\Windows\System32\svchost.exe -k netsvcs
@%SystemRoot%\System32\SCardSvr.dll,-1 = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
@regsvc.dll,-1 = C:\Windows\system32\svchost.exe -k localService
McAfee Application Installer Cleanup (0155901387325377) = C:\Windows\TEMP\015590~1.EXE -cleanup -nolog
McAfee OOBE Service = "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

Registry 'Run' keys:

[User RunOnce]
IsMyWinLockerReboot = msiexec.exe /qn /x{voidguid}


==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

Registry 'Run' keys:

[User RunOnce]
IsMyWinLockerReboot = msiexec.exe /qn /x{voidguid}


--------------------------------------------------
End of report, 109,105 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.
  • 0

#9
Ztruker
Posted 22 December 2013 - 07:34 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Wow, I forgot how much info StartupList provides. Conduit is definitely in there:


Services:
Search Protect by Conduit Updater = C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

Registry 'Run' keys:
[User Run]
BackgroundContainer = "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\angbo_000\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

Press the Window key + the R key to open a Run box.
Type msconfig and press Enter.
Click on the Services tab.
Check the Hide all Microsoft services box at eh bottom of the window then look for anything with Conduit, Search Protect or CltMngSvc in it. Disable by double clicking ion it, click on the Stop then change the Startup type to Disable.

Now click on the Start tab then look for anything with Conduit, Search Protect or CltMngSvc in it. Uncheck (Disable) any you find.
Reboot.

Open Windows Explorer or Computer.
Delete C:\Program Files (x86)\SearchProtect folder tree.
Delete C:\Users\angbo_000\AppData\Local\Conduit folder tree.

That should get rid of it.

I also noticed you have some probably unwanted Browser Helpers (toolbars and such) installed.
To get rid of them, open Internet Explorer. Click on the Gear icon at top right under the red X.
Select Manage add-ons.
Disable everything you don't specifically remember adding. If there are problems later you can always enable them, though I doubt you will have any.
Under Search Providers, make the one you want default then delete the rest, especially Conduit.

Let me know how you make out.
  • 0

#10
turnall
Posted 22 December 2013 - 10:06 PM

turnall

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
OK, I found one file in the services tab that I disabled and it doesn't show up now. I didn't see anything in the start tab- it took me to the task manager and I didn't see anything there. I deleted one of the files you mentioned, but didn't see this one:

Delete C:\Users\angbo_000\AppData\Local\Conduit folder tree

I also disabled a bunch of stuff under the IE add-ons as suggested.

When I restarted the computer, that pop-up box didn't appear.

I should also mention that I didn't know that my sig other decided to do the update my computer was prompting me to do when he used my computer this afternoon, and so I'm now updated to windows 8.1 I don't know if that affects anything, but just wanted to mention it.
  • 0

#11
Ztruker
Posted 23 December 2013 - 09:48 AM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Sounds good. Hopefully that's the end of Conduit.

Take care and Merry Christmas.
  • 0

#12
turnall
Posted 23 December 2013 - 10:34 AM

turnall

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Thanks SOOO much for your help!! And a merry Christmas to you as well.
  • 0
Back to Windows 8 and 8.1 · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Operating Systems
  3. Windows 8 and 8.1

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP