Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Find Nsg3b.tmp


  • Please log in to reply
15 replies to this topic

#1 vomog1

vomog1

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 24 August 2007 - 04:42 AM

Hi all
When running XP sp2, I get the message "windows cannot find file nsg3B.tmp" What is it, and how do I get it sorted?
Cheers Vomog

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 24 August 2007 - 04:50 AM

I did a search for this file and the only hits I got were malware related. Did you recently remove any viruses or malware from your computer?

Typically when you get a virus it makes an entry in your registry instructing your computer to run the virus everytime you start. Your antivirus may have found the virus and deleted it, but this entry is still in your registry, which is why you are getting the error message. Using the AutoRuns utility you should be able to locate this entry and delete it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:27 PM

Posted 25 August 2007 - 07:03 AM

Thank you Budapest that is a great little program! This program should help a lot of people including vomog1.

#4 vomog1

vomog1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 25 August 2007 - 08:29 AM

Thanks for that Budapest. The thing is: where do I start to look in "Autoruns" for this file?. It only pops up on bootup. and Autoruns, does not have the facility for me to specify the file I'm looking for. Or does it?
Cheers vomog1

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 AM

Posted 25 August 2007 - 08:39 AM

In AutoRuns program click on the "Everything" tab. Then press Ctrl+F, type in the file name "nsg3B.tmp" and see if anything comes up.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 vomog1

vomog1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 26 August 2007 - 03:11 AM

Thanks Budapest. Unfortunately, nothing showed relating to this file. You're quite right though, I did remove a couple of trojans.
Vomog

#7 idk

idk

  • Members
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Auckland, New Zealand
  • Local time:07:27 AM

Posted 26 August 2007 - 04:13 AM

When my computer starts up, the first screen is the startup menu which is normally activated by pressing f8. Do you think autorun can remove the entry which makes it do that?

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:27 PM

Posted 26 August 2007 - 06:30 AM

If the .tmp file can't be located, then it's likely that the virus writer was a bit smarter than the norm - and hid this launcher by launching something innocuous that would in turn launch the program that calls the .tmp file.

Try this free program to generate a list that you can post here for us to have a look at: http://www.spywareinfo.com/~merijn/programs.php#startuplist
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 qwerty9876

qwerty9876

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 26 August 2007 - 06:43 AM

Hi. sorry I didnt see this thread earlier. I have a thread on exactly the same thing, but its a different exe. Its PET32.exe

So ive followed what you said and here is a VERY long list.
StartupList report, 8/26/2007, 7:38:59 PM
StartupList version 2.02.0
Started from: C:\Autoruns\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Logged on as 'Ong B' to 'ONG'
* Using default options (see end of log for possible options)
==================================================

Running processes (31):

[C:\Autoruns\autoruns.exe (47)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMDLG32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\mstask.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RICHED20.dll
C:\WINDOWS\system32\Riched32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\Wintrust.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Autoruns\StartupList.exe (45)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\mscomctl.ocx
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemdisp.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE (17)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll

[C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (36)]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdboot.dll
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\MSVCP71.dll
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\MSVCR71.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DSOUND.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\setupapi.DLL
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\sti.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (21)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (48)]
C:\Program Files\P4P\p4pipc.dll
C:\Program Files\P4P\tbupdate.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (72)]
C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070825.006\ecmsvr32.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070825.006\NAVENG32.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070825.006\NAVEX32a.DLL
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AV.loc
C:\Program Files\Common Files\Symantec Shared\AntiVirus\avDefMgr.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\avModule.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVScan.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccScanw.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\dec_abi.dll
C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
C:\Program Files\Common Files\Symantec Shared\MSL\msl.dll
C:\Program Files\Common Files\Symantec Shared\QBackup.dll
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCCli.dll
C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\ccApp.exe (105)]
C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll
C:\PROGRA~1\NORTON~1\AlertRes.dll
C:\PROGRA~1\NORTON~1\ISLALERT.DLL
C:\PROGRA~1\NORTON~1\NISTRAY.DLL
C:\PROGRA~1\NORTON~1\NISTrRes.dll
C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.DLL
C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.loc
C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVMail.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppPlg32.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\CF\cfEPack.dll
C:\Program Files\Common Files\Symantec Shared\CF\cfV2Pack.dll
C:\Program Files\Common Files\Symantec Shared\CF\PEP2.dll
C:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll
C:\Program Files\Common Files\Symantec Shared\NcoItf.dll
C:\Program Files\Common Files\Symantec Shared\NPC\DataPvdr.dll
C:\Program Files\Common Files\Symantec Shared\NPC\npcTRAY.dll
C:\Program Files\Common Files\Symantec Shared\NPC\npcWmiCl.dll
C:\Program Files\Common Files\Symantec Shared\NPC\npcWmiDt.dll
C:\Program Files\Common Files\Symantec Shared\NPC\NSCEXT.dll
C:\Program Files\Common Files\Symantec Shared\NPC\NSCHlpr2.dll
C:\Program Files\Common Files\Symantec Shared\NPC\NSCWSCR2.DLL
C:\Program Files\Common Files\Symantec Shared\NPC\pcStatus.dll
C:\Program Files\Common Files\Symantec Shared\NPC\PEPEvnt.dll
C:\Program Files\Common Files\Symantec Shared\NPC\UICntnr.dll
C:\Program Files\Common Files\Symantec Shared\NPC\uiLicPlg.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
C:\Program Files\Common Files\Symantec Shared\SymHTML\1.0\SymHTML.DLL
C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll
C:\Program Files\Norton Internet Security\fwAlert.dll
C:\Program Files\Norton Internet Security\fwAlRes.dll
C:\Program Files\Norton Internet Security\fwEvent.dll
C:\Program Files\Norton Internet Security\IMCfg.dll
C:\Program Files\Norton Internet Security\ISDataCl.dll
C:\Program Files\Norton Internet Security\isStatus.dll
C:\Program Files\Norton Internet Security\SetEvtHp.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\Msimg32.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\MSWSOCK.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SymNeti.dll
C:\WINDOWS\system32\SymRedir.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (110)]
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTPLG.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETPLG.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\FIREWALL\FWAGENT.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NPCWMIMN.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\PIFENG.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSVC.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\TPROCPLG.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\SRTSP32.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SubConn.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBENG.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBRES.loc
C:\PROGRA~1\NORTON~1\ISDATASV.DLL
C:\PROGRA~1\NORTON~1\ISSVC.DLL
C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.DLL
C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.loc
C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll
C:\Program Files\Common Files\Symantec Shared\ccL60.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\Firewall\FWHelper.dll
C:\Program Files\Common Files\Symantec Shared\NcoItf.dll
C:\Program Files\Common Files\Symantec Shared\NPC\npcWmiDt.dll
C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
C:\Program Files\Norton Internet Security\fwEvent.dll
C:\Program Files\Norton Internet Security\fwPlugin.dll
C:\Program Files\Norton Internet Security\IMCfg.dll
C:\Program Files\Norton Internet Security\isDataCl.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.loc
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLOGV.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\navlogv.loc
C:\Program Files\Norton Internet Security\SetEvtHp.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\DHCPCSVC.DLL
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netman.dll
C:\WINDOWS\system32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\SYSTEM32\SYMNETI.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WMI.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\WZCSAPI.DLL
C:\WINDOWS\system32\WZCSvc.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (33)]
C:\PROGRA~1\COMMON~1\SYMANT~1\OPC\{31011~1\CLTNETCN.DLL
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Internet Explorer\IEXPLORE.EXE (150)]
C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\BrCore.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\BrRules.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHORes.loc
c:\program files\common files\symantec shared\coshared\wp\1.5\nppw.dll
C:\Program Files\Common Files\Symantec Shared\coShared\WP\1.5\nppwBHO.dll
C:\Program Files\Common Files\Symantec Shared\coShared\WP\1.5\nppwUI.dll
c:\program files\google\googletoolbar3.dll
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
C:\Program Files\Norton Internet Security\isRes.dll
C:\Program Files\P4P\autolink.dll
C:\Program Files\P4P\sodaie.dll
C:\Program Files\P4P\ToolBar.dll
C:\WINDOWS\IME\SPGRMR.DLL
C:\WINDOWS\ime\sptip.dll
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\Cabinet.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\DCIMAN32.dll
C:\WINDOWS\system32\DDRAW.dll
C:\WINDOWS\system32\ddrawex.dll
C:\WINDOWS\system32\dispex.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\dxtmsft.dll
C:\WINDOWS\system32\dxtrans.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\iepeers.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\ImgUtil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
c:\windows\system32\jscript.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
c:\windows\system32\MFC42.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\mshtml.dll
C:\WINDOWS\system32\mshtmled.dll
C:\WINDOWS\system32\mshtmler.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msimg32.dll
C:\WINDOWS\system32\msimtf.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msls31.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\pngfilt.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RICHED20.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFolder.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SoDAHK.DLL
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
c:\windows\system32\vbscript.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\xpsp3res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe (51)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\qmgrprxy.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (18)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (77)]
C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\1033\stintl.dll
C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll
C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll
C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\System\Ole DB\oledb32.dll
C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL
C:\Program Files\Microsoft Office\OFFICE11\1033\srintl.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\avScanUI.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVEvent.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLOGV.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\navlogv.loc
C:\Program Files\Norton Internet Security\Norton AntiVirus\OfficeAV.dll
C:\Program Files\Norton Internet Security\Norton AntiVirus\rcOffcAV.dll
C:\WINDOWS\IME\SPGRMR.DLL
C:\WINDOWS\ime\sptip.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\mscms.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSDART.DLL
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msimg32.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ODBC32.DLL
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR3m.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI3m.DLL
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\Comctl32.dll

[C:\Program Files\QuickTime\qttask.exe (19)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (39)]
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll
C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll
C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_2.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (18)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\Explorer.EXE (136)]
C:\DOCUME~1\ONGB~1\LOCALS~1\Temp\CmdLineExt02.dll
C:\PROGRA~1\NORTON~1\NORTON~1\NavShcPS.dll
C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\NPC\NSCEXT.dll
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\AVSrcU.dll
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTAuSort.crl
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTAuSoru.dll
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTConfig.dll
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTIntrfu.dll
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTMVNSRs.DLL
C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTMVNSu.Dll
C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
C:\Program Files\SmartFTP Client 2.0\smarthook.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\Audiodev.dll
C:\WINDOWS\system32\BatMeter.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\DEVMGR.DLL
C:\WINDOWS\system32\diskcopy.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\DUSER.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\icm32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\msadp32.acm
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\mscms.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\mslbui.dll
C:\WINDOWS\system32\msutb.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mydocs.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\nvcpl.dll
C:\WINDOWS\system32\nvshell.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WMASF.DLL
C:\WINDOWS\system32\WMI.dll
C:\WINDOWS\system32\WMVCore.DLL
C:\WINDOWS\system32\wpdshext.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\WINDOWS\system32\ctfmon.exe (25)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSUTB.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\devldr32.exe (32)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DEVCON32.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SFMAN32.DLL
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\lsass.exe (59)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\nvsvc32.exe (31)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\services.exe (34)]
C:\WINDOWS\AppPatch\AcAdProc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\Cabinet.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\system32\ntdll.dll

[C:\WINDOWS\system32\spoolsv.exe (56)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\CNMLM3m.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\mdimon.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD3m.DLL
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (147)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
c:\windows\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\cryptdll.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\system32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\h323.tsp
C:\WINDOWS\System32\HID.DLL
C:\WINDOWS\System32\hidphone.tsp
C:\WINDOWS\System32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\System32\ipconf.tsp
c:\windows\system32\iphlpapi.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\LPK.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\msi.dll
C:\WINDOWS\System32\MSIDLE.DLL
C:\WINDOWS\System32\mspatcha.dll
C:\WINDOWS\system32\msv1_0.dll
c:\windows\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netcfgx.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\POWRPROF.dll
c:\windows\system32\PSAPI.DLL
c:\windows\system32\qmgr.dll
C:\WINDOWS\System32\rasadhlp.dll
c:\windows\system32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
c:\windows\system32\rasman.dll
C:\WINDOWS\System32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
C:\WINDOWS\System32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
c:\windows\system32\SHFOLDER.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\system32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
c:\windows\system32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\USP10.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\system32\wbem\ncprov.dll
C:\WINDOWS\system32\wbem\repdrvfs.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\system32\wbem\wbemess.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\system32\wuaueng.dll
c:\windows\system32\wuauserv.dll
C:\WINDOWS\system32\wups2.dll
c:\windows\system32\WZCSAPI.DLL
c:\windows\system32\WZCSvc.DLL
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (39)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\ADVAPI32.dll
c:\windows\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mscms.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\sti.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\wiaservc.dll
C:\WINDOWS\system32\WINMM.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (49)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\termsrv.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\WgaTray.exe (48)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptnet.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SensApi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\winlogon.exe (66)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WgaLogon.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\wuauclt.exe (34)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Cabinet.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\wucltui.dll
C:\WINDOWS\system32\wups2.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

--------------------

Autostart folders:

[Startup (1)]
desktop.ini

[User Startup (1)]
desktop.ini

[Common Startup (2)]
Adobe Gamma Loader.lnk
desktop.ini

[User Common Startup (2)]
Adobe Gamma Loader.lnk
desktop.ini

--------------------

Task Scheduler jobs (1):

Norton Internet Security - Run Full System Scan - Ong B.job

--------------------

IniMapping values:

System NT shell = Explorer.exe
User screensaver = C:\WINDOWS\system32\logon.scr

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\system32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (43)]
Automatic LiveUpdate Scheduler = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
GhostStartService = C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
LiveUpdate Notice Service = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
LiveUpdate Notice Service Ex = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVIDIA Display Driver Service = C:\WINDOWS\system32\nvsvc32.exe
P4P Service = C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Symantec AppCore Service = "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Symantec Event Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
Symantec Settings Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* DVD/CD-ROM drives *
- Lower filters
ASAPIW2k.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Logitech Virtual Bus Enumerator *
- Upper filters
WmXlCore.sys

* Sony Camcorder *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* VIA CPU to AGP Controller *
- Upper filters
UAGP35.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (7):

BJ Language Monitor - cnbjmon.dll
Canon BJ Language Monitor S520 - CNMLM3m.DLL
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
AppInit_DLLs = C:\WINDOWS\system32\SoDAHK.DLL

[Notify (10)]
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll

[Group policy extensions (12)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Microsoft Offline Files = %SystemRoot%\System32\cscui.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145



[All users]
* Primary policies *
- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems (72)
tWhiteList = Close
GeneralInfo
Quit
FirstPage
PrevPage
NextPage
LastPage
ActualSize
FitPage
FitWidth
FitHeight
SinglePage
OneColumn
TwoPages
TwoColumns
ZoomViewIn
ZoomViewOut
ShowHideBookmarks
ShowHideThumbnails
Print
GoToPage
ZoomTo
GeneralPrefs
SaveAs
FullScreen
OpenOrganizer
Scan
Web2PDF:OpnURL
AcroSendMail:SendMail
Spelling:Check Spelling
PageSetup
Find
FindSearch
GoBack
GoForward
FitVisible
ShowHideToolbarEditing
ShowHideToolbarCommenting
ShowHideToolbarEdit
ShowHideToolbarFile
ShowHideToolbarFind
ShowHideToolbarForms
ShowHideToolbarMeasuring
ShowHideToolbarData
ShowHideToolbarPageDisplay
ShowHideToolbarNavigation
ShowHideToolbarPrintProduction
ShowHideToolbarRedaction
ShowHideToolbarBasicTools
ShowHideToolbarTasks
ShowHideToolbarTypewriter
PropertyToolbar
ShowHideArticles
ShowHideFileAttachment
ShowHideAnnotManager
ShowHideFields
ShowHideOptCont
ShowHideModelTree
ShowHideSignatures
InsertPages
ExtractPages
ReplacePages
DeletePages
CropPages
RotatePages
AddFileAttachment
FindCurrentBookmark
BookmarkShowLocation
GoBackDoc
GoForwardDoc
HelpUserGuide
HelpReader

- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms (94)
tBuiltInPermList = version:1
.ade:3
.adp:3
.app:3
.asp:3
.bas:3
.bat:3
.bz:3
.bz2:3
.chm:3
.class:3
.cmd:3
.com:3
.command:3
.cpl:3
.crt:3
.csh:3
.desktop:3
.exe:3
.fxp:3
.gz:3
.hex:3
.hlp:3
.hqx:3
.hta:3
.inf:3
.ini:3
.ins:3
.isp:3
.its:3
.job:3
.js:3
.jse:3
.ksh:3
.lnk:3
.lzh:3
.mad:3
.maf:3
.mag:3
.mam:3
.maq:3
.mar:3
.mas:3
.mat:3
.mau:3
.mav:3
.maw:3
.mda:3
.mde:3
.mdt:3
.mdw:3
.mdz:3
.msc:3
.msi:3
.msp:3
.mst:3
.ocx:3
.ops:3
.pcd:3
.pi:3
.pif:3
.prf:3
.prg:3
.pst:3
.rar:3
.reg:3
.scf:3
.scr:3
.sct:3
.sea:3
.shb:3
.shs:3
.sit:3
.tar:3
.tgz:3
.tmp:3
.url:3
.vb:3
.vbe:3
.vbs:3
.vsmacros:3
.vss:3
.vst:3
.vsw:3
.webloc:3
.ws:3
.wsc:3
.wsf:3
.wsh:3
.zip:3
.zlo:3
.zoo:3
.pdf:2
.fdf:2

- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms (18)
tSchemePerms = version:1
shell:3
hcp:3
ms-help:3
ms-its:3
ms-itss:3
its:3
mk:3
mhtml:3
help:3
disk:3
afp:3
disks:3
telnet:3
ssh:3
acrobat:2
mailto:2
file:1

- Software\Policies\Microsoft\Windows\Installer (1)
EnableAdminTSRemote = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{068d9e27-35ab-4ffa-9cc8-11354941b37f} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{068d9e27-35ab-4ffa-9cc8-11354941b37f}
ipsecID = {068d9e27-35ab-4ffa-9cc8-11354941b37f}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3f74aadc-88da-44f2-bc8c-b48ddb24c845} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{3f74aadc-88da-44f2-bc8c-b48ddb24c845}
ipsecID = {3f74aadc-88da-44f2-bc8c-b48ddb24c845}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{92bb3961-ffd8-4a1d-9b6a-8a0ae886703a} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{92bb3961-ffd8-4a1d-9b6a-8a0ae886703a}
ipsecID = {92bb3961-ffd8-4a1d-9b6a-8a0ae886703a}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{13ce00c4-21ae-4a31-a310-6dcae74acfd2} (8)
ClassName = ipsecNFA
name = ipsecNFA{13ce00c4-21ae-4a31-a310-6dcae74acfd2}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {13ce00c4-21ae-4a31-a310-6dcae74acfd2}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{5d0dd05d-e1a3-4a9b-b87f-910be8f578b4} (6)
ClassName = ipsecNFA
name = ipsecNFA{5d0dd05d-e1a3-4a9b-b87f-910be8f578b4}
ipsecID = {5d0dd05d-e1a3-4a9b-b87f-910be8f578b4}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{92bb3961-ffd8-4a1d-9b6a-8a0ae886703a}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{61f36d8b-04b7-4433-aeb9-ce32843542e1} (8)
ClassName = ipsecNFA
name = ipsecNFA{61f36d8b-04b7-4433-aeb9-ce32843542e1}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {61f36d8b-04b7-4433-aeb9-ce32843542e1}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{7ca99eb7-045b-412b-b3d6-2ed4256e5f1c} (6)
ClassName = ipsecNFA
name = ipsecNFA{7ca99eb7-045b-412b-b3d6-2ed4256e5f1c}
ipsecID = {7ca99eb7-045b-412b-b3d6-2ed4256e5f1c}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3f74aadc-88da-44f2-bc8c-b48ddb24c845}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{818e3bf7-0b60-4e78-b5ad-1aea418288bb} (8)
ClassName = ipsecNFA
name = ipsecNFA{818e3bf7-0b60-4e78-b5ad-1aea418288bb}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {818e3bf7-0b60-4e78-b5ad-1aea418288bb}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{aa3b73eb-4646-41a5-a908-6f8eee3ad5b3} (6)
ClassName = ipsecNFA
name = ipsecNFA{aa3b73eb-4646-41a5-a908-6f8eee3ad5b3}
ipsecID = {aa3b73eb-4646-41a5-a908-6f8eee3ad5b3}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{068d9e27-35ab-4ffa-9cc8-11354941b37f}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bb682ebc-29a5-4859-a204-6b33f02c44bd} (8)
ClassName = ipsecNFA
name = ipsecNFA{bb682ebc-29a5-4859-a204-6b33f02c44bd}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {bb682ebc-29a5-4859-a204-6b33f02c44bd}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1115029123

- Software\Policies\Microsoft\Windows\RTC\PortRange (1)
Enabled = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (6):

(no name) = {1E8A6170-7264-4D0F-BEAE-D42A53123C75} = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar3.dll
Megaupload Toolbar = {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} = C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
SohuDAIEHelper = {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} = C:\Program Files\P4P\sodaie.dll
SSVHelper Class = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

--------------------

ActiveX objects (13):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[All users (2)]
??11??? - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll
NCO Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

[This user]
* ShellBrowser (4) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
(no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
(no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

* WebBrowser (5) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - (no file)
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL


--------------------

Internet Explorer buttons/tools (4):

Sun Java Console - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
?μ????? - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer menu extensions:

[This user (4)]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
发送图片到手机 - C:\Program Files\P4P\cx.htm
添加到我的订阅 - C:\Program Files\P4P\rss.htm

--------------------

Internet Explorer Bands (10):

??11??? - {08B13A8E-EB71-4421-B417-4EC0995D5BFC} - C:\Program Files\P4P\ToolBar.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
?μ????? - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
&Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

--------------------

Downloaded Program Files (17):

Checkers Class - {00B71CFB-6864-4346-A978-C0A14556272C} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
Musicnotes Viewer - {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - C:\WINDOWS\Downloaded Program Files\mnviewer.dll - http://www.musicnotes.com/download/mnviewer.cab
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll - http://download.macromedia.com/pub/shockwa...director/sw.cab
Windows Genuine Advantage Validation Tool - {17492023-C23A-453E-A040-C7C580BBF700} - C:\WINDOWS\system32\LegitCheckControl.DLL - http://go.microsoft.com/fwlink/?linkid=39204
Minesweeper Flags Class - {2917297F-F02B-4B9D-81DF-494B6333150B} - C:\WINDOWS\Downloaded Program Files\minesweeper.dll - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
WebGameLoader Class - {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - C:\WINDOWS\Downloaded Program Files\ReflexiveWebGameLoader.dll - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll - http://v5.windowsupdate.microsoft.com/v5co...b?1115031816750
Java Runtime Environment 1.5.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
MessengerStatsClient Class - {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
SAXFile ActiveX Control - {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - C:\WINDOWS\system32\Softartisans\SAXFile\saxfile.dll - http://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
Java Runtime Environment 1.5.0 - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.5.0 - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.5.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
get_atlcom Class - {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - C:\WINDOWS\Downloaded Program Files\gp.ocx - http://www.adobe.com/products/acrobat/nos/gp.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
MC3LibControl.TclControl - {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} - C:\WINDOWS\system32\MC3Lib.ocx - http://www.jeppesen.com/wlcs/services/char...in/mc3-1300.cab
Solitaire Showdown Class - {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

--------------------

URL search hooks:

[This user (1)]
SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (6)]
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Drive (7)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\WINDOWS\system32\wpdshext.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\system32\Audiodev.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll

[Folder (2)]
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\system32\zipfldr.dll

[Directory (4)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Directory\Background (3)]
00nView = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll
NvCplDesktopContext = {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll

[file (1)]
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (1)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll

--------------------

ColumnHandlers (5):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

--------------------

ShellExecuteHooks (1):

URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (191)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\system32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\system32\occache.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\system32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\system32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\system32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\system32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\system32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\system32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\system32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll
Desktop Explorer Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\system32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\system32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\system32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\system32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\system32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\system32\msieftp.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\system32\netplwiz.dll
Ghost Shell Extension - {57C51AF9-DEF7-11D3-A801-00C04F163490} - C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\system32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\system32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\system32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\system32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\system32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
NvCpl DesktopContext Class - {A70C977A-BF00-412C-90B7-034C51DA2439} - C:\WINDOWS\system32\nvcpl.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
Play on my TV helper - {FFB699E0-306A-11d3-8BD1-00104B6F7516} - C:\WINDOWS\system32\nvcpl.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\system32\themeui.dll
Portable Devices - {35786D3C-B075-49b9-88DD-029876E11C01} - C:\WINDOWS\system32\wpdshext.dll
Portable Devices Menu - {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} - C:\WINDOWS\system32\wpdshext.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll
Portable Media Devices Menu - {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\system32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\system32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\system32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\system32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\system32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\system32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\system32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll
SmartFTP Shell Extension DLL - {B8323370-FF27-11D2-97B6-204C4F4F5020} - C:\Program Files\SmartFTP Client 2.0\smarthook.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\system32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\system32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\system32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\system32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\system32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\system32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\system32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\system32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZEN Neeon 2 Media Explorer - {40A925DA-C9AF-4CEB-A221-87D2F72C387A} - C:\Program Files\Creative\Creative ZEN Neeon 2\ZEN Neeon 2 Media Explorer\CTMVNSu.Dll

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[System Run]
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Audio Driver = C:\WINDOWS\system32\audise.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
GhostStartTrayApp = C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz = nwiz.exe /install
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PinnacleDriverCheck = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

--------------------

Registry 'Run' subkeys:

[System Run]
* OptionalComponents *
@ =


--------------------

Protocols:

[Pluggable MIME filters (6)]
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll
text/xml = {807553E5-5146-11D5-A672-00B0D022E945} = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

[Protocol handlers (24)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\system32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754} = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim = {828030A1-22C1-4009-854F-8E305202313F} = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap = {3D9F03FA-7A94-11D3-BE81-0050048385D1} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11 = {32505114-5902-49B2-880A-1F7738E5A384} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\system32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\system32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (5)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\system32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\system32\browseui.dll

--------------------

Winsock LSP:

[Protocols (14)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D749A00-8867-43CF-9005-DA0BAD021916}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D749A00-8867-43CF-9005-DA0BAD021916}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5428CB0A-8791-49EF-9EA2-2DC63E9BF07E}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5428CB0A-8791-49EF-9EA2-2DC63E9BF07E}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{84F33313-F2B8-48B3-8B8F-7191EE5533F9}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{84F33313-F2B8-48B3-8B8F-7191EE5533F9}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00768A7F-A832-46C8-BBF6-1D07AED7D2D6}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00768A7F-A832-46C8-BBF6-1D07AED7D2D6}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A85DDFBD-7624-4B1D-A4FA-E52D2F823C3B}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A85DDFBD-7624-4B1D-A4FA-E52D2F823C3B}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (3)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.msn.com/

- Internet Explorer\Desktop\General (2)
BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://www.google.com/ie

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (227)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
(no name) - {111C85E9-BB62-4528-A806-F0BE908E02F0} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
(no name) - {25B0F91C-D23D-11D0-9B85-00C04FC2F51D} - C:\WINDOWS\system32\danim.dll
(no name) - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
(no name) - {283807b8-2c60-11d0-a31d-00aa00b92c03} - C:\WINDOWS\system32\danim.dll
(no name) - {323C0F99-820A-4e0b-B714-57942C6D9678} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
(no name) - {50B4791F-4731-11D0-8912-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll
(no name) - {542FB453-5003-11CF-92A2-00AA00B8A733} - C:\WINDOWS\system32\danim.dll
(no name) - {5DFB2651-9668-11D0-B17B-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll
(no name) - {6FBF8DD5-9E03-4af5-B779-FEBEF6754712} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
(no name) - {98cb4060-d3e7-42a1-8d65-949d34ebfe14} - C:\Program Files\Microsoft Office\OFFICE11\SOA.DLL
(no name) - {9CDE7341-3C20-11D0-A330-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
(no name) - {AF868304-AB0B-11D0-876A-00C04FC29D46} - C:\WINDOWS\system32\danim.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {C46C1BC1-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BC4-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BC6-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BC8-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BCA-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BCC-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BCE-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BD0-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BD2-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BD4-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BD6-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BD8-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BDA-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BDC-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BDE-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BE0-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BE2-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BE4-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BE6-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BEC-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BEE-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BF0-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BF2-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {C46C1BF4-3C52-11D0-9200-848C1D000000} - C:\WINDOWS\system32\danim.dll
(no name) - {D17506C3-6B26-11D0-8914-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\system32\clbcatex.dll
(no name) - {F4C30BB5-D7FC-4d60-9D49-7C6B67C3592D} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
(no name) - {f5078f26-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
(no name) - {F5F545A6-39C4-40b5-814D-B45040A89FB5} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
(no name) - {F81CD990-910B-4bbf-9CB3-6A77F3D697B3} - "C:\PROGRA~1\MSNMES~1\msgsc.dll"
9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
ActiveMovie Filter Class Manager - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\system32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\PROGRA~1\MOVIEM~1\wmm2ae.dll
Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll
AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll
BlnSetUser Proxy - {261F6572-578B-40A7-B72E-61B7261D9F0C} - C:\Program Files\Microsoft Office\OFFICE11\BLNMGR.DLL
BlnUser Proxy - {E56CCB42-598C-462D-9AD8-4FD5B4498C5D} - C:\Program Files\Microsoft Office\OFFICE11\BLNMGR.DLL
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
Certificate Class - {E38FD381-6404-4041-B5E9-B2739258941F} - C:\WINDOWS\system32\capicom.dll
Certificates Class - {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C} - C:\WINDOWS\system32\capicom.dll
Certificates Class - {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} - C:\WINDOWS\system32\capicom.dll
cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Chain Class - {65104D73-BA60-4160-A95A-4B4782E7AA62} - C:\WINDOWS\system32\capicom.dll
CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\system32\inetcfg.dll
CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\system32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\system32\diactfrm.dll
CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\system32\msdtctm.dll
DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll
DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll
English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll
English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll
Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll
Free Threaded XML DOM Document 2.6 - {f5078f1c-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\system32\msieftp.dll
German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\h323msp.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\system32\hhctrl.ocx
HTML Inline Movie Control - {8422DAE7-9929-11CF-B8D3-004033373DA8} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX
HTML Inline Sound Control - {8422DAE3-9929-11CF-B8D3-004033373DA8} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMM.OCX
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
ImeSingleKanjiDict - {BE4191FB-59EF-4825-AEFC-109727951E42} - C:\WINDOWS\IME\CHTIME\APPLETS\CHTSKDIC.DLL
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\system32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\system32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\confmsp.dll
Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
LexRefBilingualTextContext Class - {75C11604-5C51-48B2-B786-DF5E51D10EC9} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
LexRefStEsObject Class - {4CFB5280-800B-4367-848F-5A13EBF27F1D} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL
LexRefStFrObject Class - {B3E0E785-BD78-4366-9560-B7DABE2723BE} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
LM Auto Effect Behaivor - {BB339A46-7C49-11d2-9BF3-00C04FA34789} - C:\WINDOWS\system32\lmrt.dll
LM Behavior Factory - {B1549E58-3894-11D2-BB7F-00A0C999C4C1} - C:\WINDOWS\system32\lmrt.dll
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\system32\lmrt.dll
Marquee Control - {250770f3-6af2-11cf-a915-008029e31fcd} - C:\Program Files\Microsoft Office\OFFICE11\HTML\HTMLMARQ.OCX
MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\system32\msconf.dll
mbcontent Class - {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c} - C:\WINDOWS\system32\browsewm.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Microsoft DDS Generic Class - {4faab301-cef6-477c-9f58-f601039e9b78} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\MSDDS.DLL
Microsoft DDS Library Shape Control - {ec444cb6-3e7e-4865-b1c3-0de72ef39b3f} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\MSDDS.DLL
Microsoft DDS Picture Shape Control - {6cbe0382-a879-4d2a-8ec3-1f2a43611ba8} - C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\MSDDS.DLL
Microsoft DirectAnimation Control - {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} - C:\WINDOWS\system32\danim.dll
Microsoft DirectAnimation Path - {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6} - C:\WINDOWS\system32\daxctle.ocx
Microsoft DirectAnimation Sequence - {4F241DB1-EE9F-11D0-9824-006097C99E51} - C:\WINDOWS\system32\daxctle.ocx
Microsoft DirectAnimation Sequencer - {B0A6BAE2-AAF0-11D0-A152-00A0C908DB96} - C:\WINDOWS\system32\daxctle.ocx
Microsoft DirectAnimation Sprite - {FD179533-D86E-11D0-89D6-00A0C90833E6} - C:\WINDOWS\system32\daxctle.ocx
Microsoft DirectAnimation Structured Graphics - {369303C2-D7AC-11D0-89D5-00A0C90833E6} - C:\WINDOWS\system32\daxctle.ocx
Microsoft DirectAnimation Windowed Control - {69AD90EF-1C20-11d1-8801-00C04FC29D46} - C:\WINDOWS\system32\danim.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\shdocvw.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft IME SingleKanjiDictionary interface - {6E3197A3-BBC3-11D4-84C0-00C04F7A06E5} - C:\WINDOWS\IME\imjp8_1\Applets\IMSKDIC.DLL
Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll
Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\system32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\system32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
Microsoft Office Chart 10.0 - {0002E556-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Microsoft Office Data Source Control 10.0 - {0002E553-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Microsoft Office Free/Busy Registration - {f28d867a-ddb1-11d3-b8e8-00a0c981aeeb} - C:\PROGRA~1\MICROS~2\OFFICE11\MSOSVFBR.DLL
Microsoft Office PivotTable 10.0 - {0002E552-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Microsoft Office Spreadsheet 10.0 - {0002E551-0000-0000-C000-000000000046} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Microsoft Visual Database Tools Database Designer V7.0 - {03cb9467-fd9d-42a8-82f9-8615b4223e6e} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\VDT70.DLL
Microsoft Visual Database Tools Query Designer V7.0 - {2c10a98f-d64f-43b4-bed6-dd0e1bf2074c} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\VDT70.DLL
Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\system32\wbem\wbemess.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\system32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\system32\amstream.dll
Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\PROGRA~1\MOVIEM~1\wmm2fxa.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\system32\wavemsp.dll
MSVDTDDGridCtrl7 Object - {6f9f3481-84dd-4b14-b09c-6b4288eccde8} - C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\VDT70.DLL
MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl
NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\PROGRA~1\MOVIEM~1\wmm2fxb.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\OFFICE11\OUTLLIB.DLL
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\system32\dxtmsft.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\system32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\system32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\system32\sdpblb.dll
Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll
ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll
Snapshot Viewer Control 11.0 - {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} - C:\Program Files\Common Files\Microsoft Shared\Snapshot Viewer\SNAPVIEW.OCX
Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll
Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll
Store Class - {78E61E52-0E57-4456-A2F2-517492BCBF8F} - C:\WINDOWS\system32\capicom.dll
Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\system32\sysmon.ocx
SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll
TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\system32\msdtctm.dll
Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtmled.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll
Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\system32\qdvd.dll
VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\system32\wbem\wbemdisp.dll
WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\system32\wbem\wmiprov.dll
WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\system32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\system32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\system32\wmv8ds32.ax
WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll
WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll
WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll
WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\system32\wbem\wbemads.dll
WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll
XML Data Source Object 2.6 - {f5078f1f-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Document 2.6 - {f5078f22-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Document 2.6 - {f5078f28-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML DOM Document 2.6 - {f5078f1b-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML HTTP 2.6 - {f5078f1e-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Moniker 2.6 - {f5078f29-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Parser 2.6 - {f5078f20-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Schema Cache 2.6 - {f5078f1d-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XSL Template 2.6 - {f5078f21-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll

[Stopped/disabled NT Services]
* Stopped (46) *
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
Background Intelligent Transfer Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM Host = "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
COM+ Event System = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
Google Updater Service = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\system32\imapi.exe
Indexing Service = C:\WINDOWS\system32\cisvc.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
LiveUpdate = "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
MS Software Shadow Copy Provider = C:\WINDOWS\system32\dllhost.exe /Processid:{39680EA1-ACE1-4D37-9183-6C92E1E282F9}
Net Logon = C:\WINDOWS\system32\lsass.exe
NetMeeting Remote Desktop Sharing = C:\WINDOWS\system32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\system32\lsass.exe
Office Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\system32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\system32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SSDP Discovery Service = C:\WINDOWS\system32\svchost.exe -k LocalService
Symantec Core LC = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Symantec IS Password Validation = "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet = C:\WINDOWS\system32\tlntsvr.exe
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\system32\svchost.exe -k LocalService
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Driver Foundation - User-mode Driver Framework = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
Windows Management Instrumentation Driver Extensions = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service = "C:\Program Files\Windows Media Player\WMPNetwk.exe"
WMI Performance Adapter = C:\WINDOWS\system32\wbem\wmiapsrv.exe

* Stopped & disabled (10) *
Alerter = C:\WINDOWS\system32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Human Interface Device Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
Messenger = C:\WINDOWS\system32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\system32\svchost.exe -k netsvcs
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
FirstRunDisabled = dword: 1
AntiVirusDisableNotify = dword: 1
FirewallDisableNotify = dword: 1
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 1
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

添加到我的订阅 - C:\Program Files\P4P\rss.htm

--------------------

Registry 'Run' keys:

[User RunOnce]
RunNarrator = Narrator.exe


==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

添加到我的订阅 - C:\Program Files\P4P\rss.htm

--------------------

Registry 'Run' keys:

[User RunOnce]
RunNarrator = Narrator.exe



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (43)]
Automatic LiveUpdate Scheduler = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
GhostStartService = C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
LiveUpdate Notice Service = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
LiveUpdate Notice Service Ex = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVIDIA Display Driver Service = C:\WINDOWS\system32\nvsvc32.exe
P4P Service = C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Symantec AppCore Service = "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Symantec Event Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
Symantec Settings Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Logitech Virtual Bus Enumerator *
- Upper filters
WmXlCore.sys

* Sony Camcorder *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* VIA CPU to AGP Controller *
- Upper filters
UAGP35.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (7):

BJ Language Monitor - cnbjmon.dll
Canon BJ Language Monitor S520 - CNMLM3m.DLL
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


==================================================
= Other hardware configurations: Failed =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (43)]
Automatic LiveUpdate Scheduler = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
GhostStartService = C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Norton AntiVirus Auto-Protect Service = "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NVIDIA Display Driver Service = C:\WINDOWS\system32\nvsvc32.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Symantec Core LC = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Symantec Event Manager = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Symantec Network Drivers Service = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Symantec Network Proxy = "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Symantec Settings Manager = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Creative SBLive! Gameport *
- Lower filters
ctljystk.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Logitech Virtual Bus Enumerator *
- Upper filters
WmXlCore.sys

* Sony Camcorder *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* VIA CPU to AGP Controller *
- Upper filters
UAGP35.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (7):

BJ Language Monitor - cnbjmon.dll
Canon BJ Language Monitor S520 - CNMLM3m.DLL
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 181,422 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.

#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:27 PM

Posted 27 August 2007 - 05:58 AM

qwerty9876

Could you please post this to your thread (and edit it out of this one)? This is a different problem, and the long listing makes it more difficult to read this thread to assist vomog1
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#11 qwerty9876

qwerty9876

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 27 August 2007 - 08:16 AM

So sorry. I dont think I can edit it anymore.. the edit button isnt there now. Could a moderator please delete it? Sorry for the inconvenience

#12 vomog1

vomog1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 27 August 2007 - 02:21 PM

Thanks usasma
Not sure if this is what you want. But here goes:
StartupList report, 27/08/2007, 20:17:14
StartupList version 2.02.0
Started from: C:\Documents and Settings\John\My Documents\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Logged on as 'John' to 'PRIVATE-3D7E097'
* Using default options (see end of log for possible options)
==================================================

Running processes (30):

[C:\Documents and Settings\John\My Documents\StartupList.exe (45)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemdisp.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (47)]
C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll
C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll
C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll
c:\program files\alwil software\avast4\ahruimai.dll
c:\program files\alwil software\avast4\ahruimes.dll
c:\program files\alwil software\avast4\ahruins.dll
c:\program files\alwil software\avast4\ahruiout.dll
c:\program files\alwil software\avast4\ahruip2p.dll
c:\program files\alwil software\avast4\ahruistd.dll
c:\program files\alwil software\avast4\ahruiws.dll
C:\Program Files\Alwil Software\Avast4\English\Base.dll
C:\Program Files\Alwil Software\Avast4\English\Lang.dll
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MAPI32.dll
C:\WINDOWS\system32\MFC71.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\PROGRA~1\Mozilla Firefox\firefox.exe (63)]
C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
C:\PROGRA~1\Mozilla Firefox\components\jar50.dll
C:\PROGRA~1\Mozilla Firefox\components\myspell.dll
C:\PROGRA~1\Mozilla Firefox\components\spellchk.dll
C:\PROGRA~1\Mozilla Firefox\freebl3.dll
C:\PROGRA~1\Mozilla Firefox\js3250.dll
C:\PROGRA~1\Mozilla Firefox\nspr4.dll
C:\PROGRA~1\Mozilla Firefox\nss3.dll
C:\PROGRA~1\Mozilla Firefox\plc4.dll
C:\PROGRA~1\Mozilla Firefox\plds4.dll
C:\PROGRA~1\Mozilla Firefox\smime3.dll
C:\PROGRA~1\Mozilla Firefox\softokn3.dll
C:\PROGRA~1\Mozilla Firefox\ssl3.dll
C:\PROGRA~1\Mozilla Firefox\xpcom_compat.dll
C:\PROGRA~1\Mozilla Firefox\xpcom_core.dll
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\Program Files\Mozilla Firefox\nssckbi.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msimg32.dll
C:\WINDOWS\system32\msimtf.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (50)]
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\AhResMai.dll
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\ashUInt.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\English\Base.dll
C:\Program Files\Alwil Software\Avast4\English\Lang.dll
C:\Program Files\Alwil Software\Avast4\English\langmai.dll
C:\Program Files\Alwil Software\Avast4\XT1922.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC71.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RICHED20.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Alwil Software\Avast4\ashServ.exe (58)]
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\AhResMai.dll
C:\Program Files\Alwil Software\Avast4\ahResMes.dll
C:\Program Files\Alwil Software\Avast4\AhResNS.dll
C:\Program Files\Alwil Software\Avast4\AhResOut.dll
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
C:\Program Files\Alwil Software\Avast4\AhResStd.dll
C:\Program Files\Alwil Software\Avast4\AhResWS.dll
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswIdle.dll
C:\Program Files\Alwil Software\Avast4\aswInteg.dll
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\English\Base.dll
C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\ICMP.DLL
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\perfos.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (44)]
C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\English\Base.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SECUR32.dll
C:\WINDOWS\system32\security.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (18)]
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll

[C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE (16)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll

[C:\Program Files\Caere\OmniPagePro90\opware32.exe (16)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll

[C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (21)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\LimeWire\LimeWire.exe (73)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL
C:\Program Files\Java\jre1.6.0_02\bin\awt.dll
C:\Program Files\Java\jre1.6.0_02\bin\client\jvm.dll
C:\Program Files\Java\jre1.6.0_02\bin\fontmanager.dll
C:\Program Files\Java\jre1.6.0_02\bin\hpi.dll
C:\Program Files\Java\jre1.6.0_02\bin\java.dll
C:\Program Files\Java\jre1.6.0_02\bin\jawt.dll
C:\Program Files\Java\jre1.6.0_02\bin\management.dll
C:\Program Files\Java\jre1.6.0_02\bin\net.dll
C:\Program Files\Java\jre1.6.0_02\bin\nio.dll
C:\Program Files\Java\jre1.6.0_02\bin\sunmscapi.dll
C:\Program Files\Java\jre1.6.0_02\bin\verify.dll
C:\Program Files\Java\jre1.6.0_02\bin\zip.dll
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\tray.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\browseui.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\DCIMAN32.dll
C:\WINDOWS\system32\ddraw.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Messenger\msmsgs.exe (45)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\XPOB2RES.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe (42)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\Program Files\NETGEAR\WG311v3\AutoLinkLib.dll
C:\Program Files\NETGEAR\WG311v3\DNSAPI.dll
C:\Program Files\NETGEAR\WG311v3\Mrv8000x.dll
C:\Program Files\NETGEAR\WG311v3\MSVCP60.dll
C:\Program Files\NETGEAR\WG311v3\odSupp_M.dll
C:\Program Files\NETGEAR\WG311v3\WlanDll.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DHCPCSVC.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\ICMP.DLL
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\USB_HD\GPIOManager\GPIOManager.exe (24)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.DLL
C:\WINDOWS\system32\SHELL32.DLL
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (62)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\Program Files\Zone Labs\ZoneAlarm\alert.zap
C:\Program Files\Zone Labs\ZoneAlarm\cam.zap
C:\Program Files\Zone Labs\ZoneAlarm\email.zap
C:\Program Files\Zone Labs\ZoneAlarm\filter.zap
C:\Program Files\Zone Labs\ZoneAlarm\firewall.zap
C:\Program Files\Zone Labs\ZoneAlarm\framewrk.dll
C:\Program Files\Zone Labs\ZoneAlarm\idlock.zap
C:\Program Files\Zone Labs\ZoneAlarm\imsecure.zap
C:\Program Files\Zone Labs\ZoneAlarm\privacy.zap
C:\Program Files\Zone Labs\ZoneAlarm\programs.zap
C:\Program Files\Zone Labs\ZoneAlarm\security.zap
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\vsdata.dll
C:\WINDOWS\system32\VSINIT.dll
C:\WINDOWS\system32\vsmonapi.dll
C:\WINDOWS\system32\VSPUBAPI.dll
C:\WINDOWS\system32\VSUTIL.dll
C:\WINDOWS\system32\vsxml.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\zlcomm.dll
C:\WINDOWS\system32\ZLCommDB.dll
C:\WINDOWS\system32\ZoneLabs\av.dll
C:\WINDOWS\system32\ZoneLabs\camupd.dll
C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
C:\WINDOWS\system32\ZoneLabs\fbl.dll
C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
C:\WINDOWS\system32\ZoneLabs\scheduler.dll
C:\WINDOWS\system32\zpeng24.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll

[C:\WINDOWS\Explorer.EXE (113)]
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\msagent\agentdp2.dll
c:\windows\srchasst\srchctls.dll
c:\windows\srchasst\srchui.dll
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\BatMeter.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\DUSER.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\jscript.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msutb.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\wzcdlg.dll
C:\WINDOWS\system32\WZCSAPI.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\zipfldr.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\Ati2evxx.exe (15)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2edxx.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll

[C:\WINDOWS\system32\Ati2evxx.exe (20)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2edxx.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll

[C:\WINDOWS\system32\ctfmon.exe (28)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSUTB.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\lsass.exe (61)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\ntvdm.exe (27)]
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTVDMD.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\OLETHK32.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\tsappcmp.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WOW32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\services.exe (39)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\system32\ntdll.dll

[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (21)]
C:\Program Files\Caere\OmniPagePro90\ophook32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\spoolsv.exe (55)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\E_FLM9XE.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (151)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ADVPACK.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
c:\windows\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\cryptdll.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\system32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\h323.tsp
C:\WINDOWS\System32\HID.DLL
C:\WINDOWS\System32\hidphone.tsp
C:\WINDOWS\System32\HNETCFG.DLL
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\System32\ipconf.tsp
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ipnathlp.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\LPK.DLL
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\msi.dll
C:\WINDOWS\System32\MSIDLE.DLL
C:\WINDOWS\System32\mspatcha.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\System32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
c:\windows\system32\MSWSOCK.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\system32\NETAPI32.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\POWRPROF.dll
c:\windows\system32\PSAPI.DLL
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
C:\WINDOWS\System32\rasman.dll
c:\windows\system32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\serwvdrv.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\SHFOLDER.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\system32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\umdmxfrm.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\USP10.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\system32\wbem\ncprov.dll
C:\WINDOWS\system32\wbem\repdrvfs.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\system32\wbem\wbemess.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
c:\windows\system32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\wscsvc.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\system32\wuaueng.dll
c:\windows\system32\wuauserv.dll
C:\WINDOWS\System32\WZCSAPI.DLL
c:\windows\system32\wzcsvc.dll
C:\WINDOWS\System32\xmlprovi.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (42)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\ADVAPI32.dll
c:\windows\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\D125UFW.DLL
C:\WINDOWS\system32\D125UUD.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mscms.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\serwvdrv.dll
c:\windows\system32\setupapi.DLL
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\wiaservc.dll
C:\WINDOWS\system32\WINMM.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (51)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
c:\windows\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\termsrv.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\winlogon.exe (68)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\ZoneLabs\vsmon.exe (93)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\rasapi32.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSDATA.dll
C:\WINDOWS\system32\VSINIT.dll
C:\WINDOWS\system32\VSUTIL.dll
C:\WINDOWS\system32\vswmi.dll
C:\WINDOWS\system32\vsxml.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\Wininet.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\zlcomm.dll
C:\WINDOWS\system32\ZLCommDB.dll
C:\WINDOWS\system32\ZoneLabs\av.dll
C:\WINDOWS\system32\ZoneLabs\camupd.dll
C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
C:\WINDOWS\system32\ZoneLabs\fbl.dll
C:\WINDOWS\system32\ZoneLabs\imsecure.dll
C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd
C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd
C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd
C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd
C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
C:\WINDOWS\system32\ZoneLabs\qrbase.dll
C:\WINDOWS\system32\ZoneLabs\scheduler.dll
C:\WINDOWS\system32\ZoneLabs\srescan.dll
C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
C:\WINDOWS\system32\ZoneLabs\vsdb.dll
C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL
C:\WINDOWS\system32\ZoneLabs\vsvault.dll
C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
C:\WINDOWS\system32\ZoneLabs\zlsre.dll
C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
C:\WINDOWS\system32\zpeng24.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

--------------------

Autostart folders:

[Startup (5)]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

[User Startup (5)]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

[Common Startup (4)]
Adobe Gamma Loader.lnk
desktop.ini
Microsoft Office.lnk
NETGEAR WG311v3 Smart Wizard.lnk

[User Common Startup (4)]
Adobe Gamma Loader.lnk
desktop.ini
Microsoft Office.lnk
NETGEAR WG311v3 Smart Wizard.lnk

--------------------

Task Scheduler jobs (1):

AppleSoftwareUpdate.job

--------------------

IniMapping values:

System NT shell = Explorer.exe

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40
device=C:\PROGRA~1\ALWILS~1\Avast4\aswmonds.sys

--------------------

On-reboot actions:

[Wininit.ini]
[rename]

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\system32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (40)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\system32\ati2sgag.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
avast! Antivirus = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
avast! iAVS4 Control Service = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
TrueVector Internet Monitor = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82845 Processor to AGP Controller - 1A31 *
- Upper filters
AGP440.sys

* Olitec Speed'Com USB V92 Ready *
- Lower filters
AgereSoftModem.sys

* Olitec Speed'Com USB V92 Ready *
- Lower filters
AgereSoftModem.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (6):

BJ Language Monitor - cnbjmon.dll
EPSON Stylus Photo R320 Series 2KMonitor5E - E_FLM9XE.DLL
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (10)]
AtiExtEvent = Ati2evxx.dll
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
wlballoon = wlnotify.dll

[Group policy extensions (12)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Microsoft Offline Files = %SystemRoot%\System32\cscui.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145



[All users]
* Primary policies *
- Software\Policies\Microsoft\Windows\Installer (1)
EnableAdminTSRemote = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7607a9a5-bfba-485b-ba47-f5351214b256} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{7607a9a5-bfba-485b-ba47-f5351214b256}
ipsecID = {7607a9a5-bfba-485b-ba47-f5351214b256}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7ef2b52e-7f91-47fb-8662-049521a7f168} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{7ef2b52e-7f91-47fb-8662-049521a7f168}
ipsecID = {7ef2b52e-7f91-47fb-8662-049521a7f168}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{be6281dd-bfa1-4386-a977-1824736e037e} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{be6281dd-bfa1-4386-a977-1824736e037e}
ipsecID = {be6281dd-bfa1-4386-a977-1824736e037e}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{04a4732d-8bac-4d1a-95f4-2429f2a73ad0} (8)
ClassName = ipsecNFA
name = ipsecNFA{04a4732d-8bac-4d1a-95f4-2429f2a73ad0}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {04a4732d-8bac-4d1a-95f4-2429f2a73ad0}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{5d65d495-de2e-4521-ab40-7de4f0221f82} (6)
ClassName = ipsecNFA
name = ipsecNFA{5d65d495-de2e-4521-ab40-7de4f0221f82}
ipsecID = {5d65d495-de2e-4521-ab40-7de4f0221f82}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{be6281dd-bfa1-4386-a977-1824736e037e}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{67bf8103-c60a-4019-b38f-dcdc2a132bd3} (8)
ClassName = ipsecNFA
name = ipsecNFA{67bf8103-c60a-4019-b38f-dcdc2a132bd3}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {67bf8103-c60a-4019-b38f-dcdc2a132bd3}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{71e6db69-061e-4769-8d9a-b60a0f4a51dc} (6)
ClassName = ipsecNFA
name = ipsecNFA{71e6db69-061e-4769-8d9a-b60a0f4a51dc}
ipsecID = {71e6db69-061e-4769-8d9a-b60a0f4a51dc}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7ef2b52e-7f91-47fb-8662-049521a7f168}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9b79763e-cee9-4493-9bdb-a6ee4464c2dd} (6)
ClassName = ipsecNFA
name = ipsecNFA{9b79763e-cee9-4493-9bdb-a6ee4464c2dd}
ipsecID = {9b79763e-cee9-4493-9bdb-a6ee4464c2dd}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7607a9a5-bfba-485b-ba47-f5351214b256}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{a10b3047-adca-4e25-9eb4-bfdca438568a} (8)
ClassName = ipsecNFA
name = ipsecNFA{a10b3047-adca-4e25-9eb4-bfdca438568a}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {a10b3047-adca-4e25-9eb4-bfdca438568a}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{b2acddea-cb1d-4359-91d8-edca7e7dcb21} (8)
ClassName = ipsecNFA
name = ipsecNFA{b2acddea-cb1d-4359-91d8-edca7e7dcb21}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {b2acddea-cb1d-4359-91d8-edca7e7dcb21}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1183042169

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (5):

Ask Search Assistant BHO = {9CB65201-89C4-402c-BA80-02D8C59F9B1D} = C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Ask Toolbar BHO = {FE063DB1-4EC0-403e-8DD8-394C54984B2C} = C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
EpsonToolBandKicker Class = {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
IKatzu Class = {EA5159DF-E413-4878-8AE2-D921D41BB942} = C:\WINDOWS\system32\bkinwigk.dll
SSVHelper Class = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

--------------------

ActiveX objects (14):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[All users (1)]
Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

[This user]
* ShellBrowser (1) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll

* WebBrowser (4) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL


--------------------

Internet Explorer buttons/tools (1):

Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer Bands (8):

Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
Ask PopSwatter - {72FE8681-0BFA-471b-9B2A-B37ED68DD09E} - C:\WINDOWS\system32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll

--------------------

Downloaded Program Files (4):

Java Runtime Environment 1.6.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------

URL search hooks:

[This user (2)]
(no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (7)]
avast = {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZLAVShExt = {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

[Drive (4)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll

[Folder (3)]
avast = {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZLAVShExt = {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\system32\zipfldr.dll

[Directory (4)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinZip = {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Directory\Background (1)]
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\system32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (1)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll

--------------------

ColumnHandlers (4):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll

--------------------

ShellExecuteHooks (1):

URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (178)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\system32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\system32\occache.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\system32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\system32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\system32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -
avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\Alwil Software\Avast4\ashShell.dll
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\system32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\system32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\system32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\system32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\system32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\system32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\system32\appwiz.cpl
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\system32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\system32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\system32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\system32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\system32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\system32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\system32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\system32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\system32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\system32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\system32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\system32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
Multiscan - {D9872D13-7651-4471-9EEE-F0A00218BEBB} - C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\system32\themeui.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\system32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\system32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\system32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\system32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\system32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\system32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\system32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\system32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\system32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\system32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\system32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\system32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\system32\shmedia.dll
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\system32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\system32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
ArtChk = C:\WINDOWS\system32\artchker.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

[System Run]
{A0-08-84-42-ZN} = C:\DOCUME~1\John\LOCALS~1\Temp\nsg3B.tmp P2D001
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
EPSON Stylus Photo R320 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
GPIO = C:\Program Files\USB_HD\GPIOManager\GPIOManager.exe
LtMoh = C:\Program Files\OLITEC\MOH\Ltmoh.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
OmniPage = C:\Program Files\Caere\OmniPagePro90\opware32.exe
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------

Protocols:

[Pluggable MIME filters (8)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll

[Protocol handlers (20)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\system32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\system32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\system32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (4)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\system32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\system32\browseui.dll

--------------------

Winsock LSP:

[Protocols (18)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCFDB67A-D35C-43DD-A428-7B1DABB11560}] SEQPACKET 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCFDB67A-D35C-43DD-A428-7B1DABB11560}] DATAGRAM 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8AC172D-9040-40CC-9F76-11C75F772689}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8AC172D-9040-40CC-9F76-11C75F772689}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{016D0F2C-2902-40C2-A9F4-F9ADA4706186}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{016D0F2C-2902-40C2-A9F4-F9ADA4706186}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{222B51F3-45B8-4D6C-A209-CE057D7EF114}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{222B51F3-45B8-4D6C-A209-CE057D7EF114}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D43B000D-4310-4423-A90E-430A54E03EF8}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D43B000D-4310-4423-A90E-430A54E03EF8}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA8978EC-B02B-40F1-A82B-8D74E6FD7E96}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA8978EC-B02B-40F1-A82B-8D74E6FD7E96}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EDE36D28-AD91-48F5-8EA6-1346C58280DC}] SEQPACKET 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EDE36D28-AD91-48F5-8EA6-1346C58280DC}] DATAGRAM 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (3)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.tele2.fr/redirect/startpage/adsl/eng
Window Title = Microsoft Internet Explorer

- Internet Explorer\Desktop\General (2)
BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (26)]
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\system32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\system32\msieftp.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\h323msp.dll
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\system32\hhctrl.ocx
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\system32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\confmsp.dll
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\system32\lmrt.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\system32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\system32\amstream.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\system32\wavemsp.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\system32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\system32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\system32\sdpblb.dll
Sky Software FileView ActiveX Control 6.1 - {A09AE68F-B14D-43ED-B713-BA413F034904} - C:\PROGRA~1\WinZip\WZFILVW.OCX
Sky Software FolderView ActiveX Control 6.1 - {F3834A2B-19CF-4A90-BE1D-ECC410D9DA09} - C:\PROGRA~1\WinZip\WZFLDVW.OCX
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\system32\wbem\wbemdisp.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\system32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\system32\wmv8ds32.ax

[Stopped/disabled NT Services]
* Stopped (39) *
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
avast! Mail Scanner = "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
avast! Web Scanner = "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Background Intelligent Transfer Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ Event System = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\system32\imapi.exe
Indexing Service = C:\WINDOWS\system32\cisvc.exe
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
MS Software Shadow Copy Provider = C:\WINDOWS\system32\dllhost.exe /Processid:{F84D1D58-18B9-4E34-8B39-DB48CB11282E}
Net Logon = C:\WINDOWS\system32\lsass.exe
NetMeeting Remote Desktop Sharing = C:\WINDOWS\system32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\system32\lsass.exe
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\system32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\system32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SSDP Discovery Service = C:\WINDOWS\system32\svchost.exe -k LocalService
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\system32\svchost.exe -k LocalService
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
Windows Management Instrumentation Driver Extensions = C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter = C:\WINDOWS\system32\wbem\wmiapsrv.exe

* Stopped & disabled (8) *
Alerter = C:\WINDOWS\system32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Human Interface Device Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
Messenger = C:\WINDOWS\system32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\system32\svchost.exe -k netsvcs
Telnet = C:\WINDOWS\system32\tlntsvr.exe


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
FirstRunDisabled = dword: 1
AntiVirusDisableNotify = dword: 1
FirewallDisableNotify = dword: 1
UpdatesDisableNotify = dword: 1
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini

[User Startup]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE


==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE


==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE


==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini

[User Startup]
desktop.ini
LimeWire On Startup.lnk
MOH.lnk
reminder-ScanSoft Product Registration.lnk
TA_Start.lnk

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (40)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\system32\ati2sgag.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
avast! Antivirus = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
avast! iAVS4 Control Service = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
TrueVector Internet Monitor = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82845 Processor to AGP Controller - 1A31 *
- Upper filters
AGP440.sys

* Olitec Speed'Com USB V92 Ready *
- Lower filters
AgereSoftModem.sys

* Olitec Speed'Com USB V92 Ready *
- Lower filters
AgereSoftModem.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (6):

BJ Language Monitor - cnbjmon.dll
EPSON Stylus Photo R320 Series 2KMonitor5E - E_FLM9XE.DLL
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 130,719 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.

#13 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:27 PM

Posted 27 August 2007 - 06:24 PM

This looks to be the bugger!:

[System Run]
{A0-08-84-42-ZN} = C:\DOCUME~1\John\LOCALS~1\Temp\nsg3B.tmp P2D001


Try searching through Autoruns looking for the A0-08-84-42-ZN entry. You'll probably find it under this section of the Everything tab in Autoruns: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (on my copy it's the 3rd listing down from the top) - and it's most likely to be the first entry underneath it. If not, let us know and we'll see what else we can do.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#14 vomog1

vomog1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 28 August 2007 - 07:53 AM

Thats great uasma
found it! Do I now delete the complete entry AO-08-84-42-ZN?
Vomog1

Edited by vomog1, 28 August 2007 - 02:53 PM.


#15 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:27 PM

Posted 30 August 2007 - 06:15 PM

In Autoruns you can uncheck the box that's to the left of the entry. That will disable it (but not remove it). Once you're sure that this is it, then you can delete the entry.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users