Looking For Confirmation Of Success In Malware Removal


  • This topic is locked
6 replies to this topic

#1 legolad

Posted 22 October 2007 - 11:37 PM

Greetings,

I was stupid and managed to infect my PC with a boatload of trojans. After a lot of hours in this and other forums I think I am now close to being repaired. All the symptoms of infection appear to be gone and I see no trace of the old items in my registry.

Some of the items I cleared:
Downloader.Agent.ecz
TrackingCookie.Adbrite
TrackingCookie.Esomniture
TrackingCookie.Revsci
Virtumonde
Trojan-PWS.Tanspy
Win32:Agent-LAP [Trj]
Win32:Delf-FLP [Trj]
JS:Feebs family
Win32:Trojan-gen {Other}

In researching the names of each item I found and removed, I downloaded and used the latest versions of all the tools listed below. In each case, the tool found and fixed at least 1 item that the other tools missed or could not fix:
HijackThis
StartupList
Spybot Search and Destroy
AVG Anti-Spyware
Spyware Doctor
Avast!
AdAware
Smitfraudfix
Combofix
Vundofix

The most insidious infection of the lot was the one that spoofed the Windows spyware detection message bubbles. I didn't fall for it because I did not recognize the software names or the URLs, but man, that was both clever and evil. I think a lot of folks would fall for that.

Anyway, I'm down to the things that I don't recognize and can't find in a Google search.
Pasted here, for your examination, are my logs from various tools.
This post contains the HIJACKTHIS and STARTUP LIST logs. Other logs follow in related posts.
Any assistance you can provide in identifying anything out of place would be greatly appreciated.

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:38 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\Program Files\a-squared Anti-Malware\a2service.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Spyware Doctor\svcntaux.exe
E:\Program Files\Spyware Doctor\swdsvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Logitech\QuickCam\Quickcam.exe
E:\Program Files\Spyware Doctor\SDTrayApp.exe
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\program files\steam\steam.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts file is located at: E:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SDTray] "E:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\regmech.exe /S
O4 - HKLM\..\Run: [a-squared] "E:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.99.16.69/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176335842061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176335986092
O20 - Winlogon Notify: gijrrbkv - gijrrbkv.dll (file missing)
O20 - Winlogon Notify: jkkjghh - jkkjghh.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - E:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\system32\svchost.exm.exe (file missing)

--
End of file - 9511 bytes


STARTUP LIST
StartupList report, 10/24/2007, 12:36:50 AM
StartupList version 2.02.0
Started from: C:\SOFTWARE\APPs\regmechanic\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Logged on as 'Legolad_g' to 'LEGOGAMER'
* Using default options (see end of log for possible options)
==================================================

Running processes (48):

E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\system32\wtsapi32.dll
E:\WINDOWS\system32\xpsp2res.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (20)]
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\PSAPI.DLL
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (55)]
E:\Program Files\Bonjour\mdnsNSP.dll
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\ATL.DLL
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\System32\CSCDLL.dll
E:\WINDOWS\System32\cscui.dll
E:\WINDOWS\system32\DNSAPI.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\hnetcfg.dll
E:\WINDOWS\system32\ieframe.dll
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\Iphlpapi.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LINKINFO.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\MSIMG32.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\System32\mswsock.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\ntshrui.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\PSAPI.DLL
E:\WINDOWS\system32\rasadhlp.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHFOLDER.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USERENV.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\System32\winrnr.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\System32\wshtcpip.dll
E:\WINDOWS\system32\WSOCK32.dll
E:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (26)]
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\iphlpapi.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\PSAPI.DLL
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\SHFOLDER.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\iPod\bin\iPodService.exe (32)]
E:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
E:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\CFGMGR32.dll
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMAGEHLP.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\msi.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\setupapi.dll
E:\WINDOWS\system32\SXS.DLL
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\system32\Wtsapi32.dll
E:\WINDOWS\system32\xpsp2res.dll

[E:\Program Files\iTunes\iTunesHelper.exe (81)]
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
E:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
E:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
E:\Program Files\QuickTime\QTSystem\QuickTime.qts
E:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
E:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
E:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\COMCTL32.dll
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\DCIMAN32.dll
E:\WINDOWS\system32\ddraw.dll
E:\WINDOWS\system32\DSOUND.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\hnetcfg.dll
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMAGEHLP.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\midimap.dll
E:\WINDOWS\system32\MSACM32.dll
E:\WINDOWS\system32\msacm32.drv
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msi.dll
E:\WINDOWS\system32\MSIMG32.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\mswsock.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\Normaliz.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\Secur32.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\SXS.DLL
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\wdmaud.drv
E:\WINDOWS\system32\WININET.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\System32\wshtcpip.dll
E:\WINDOWS\system32\WSOCK32.dll
E:\WINDOWS\system32\Wtsapi32.dll
E:\WINDOWS\system32\xpsp2res.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (23)]
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\Normaliz.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\WININET.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Logitech\QuickCam\Quickcam.exe (68)]
E:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
E:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManagerPS.dll
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSCli.dll
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Logitech\QuickCam\EFVal.dll
E:\Program Files\Logitech\QuickCam\LAppRes.dll
E:\Program Files\Logitech\QuickCam\LogiMail.dll
E:\Program Files\Outlook Express\msoe.dll
E:\Program Files\Outlook Express\msoeres.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\acctres.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\ATL.DLL
E:\WINDOWS\system32\CFGMGR32.dll
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\HID.DLL
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMAGEHLP.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\INETCOMM.dll
E:\WINDOWS\system32\inetres.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\KsUser.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\midimap.dll
E:\WINDOWS\system32\MSACM32.dll
E:\WINDOWS\system32\msacm32.drv
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msi.dll
E:\WINDOWS\system32\MSOEACCT.dll
E:\WINDOWS\system32\MSOERT2.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\Normaliz.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\oledlg.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\SXS.DLL
E:\WINDOWS\system32\urlmon.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\wdmaud.drv
E:\WINDOWS\system32\WININET.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\WINSPOOL.DRV
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\system32\Wtsapi32.dll
E:\WINDOWS\system32\xpsp2res.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

[E:\Program Files\Microsoft IntelliPoint\ipoint.exe (48)]
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Microsoft IntelliPoint\Components\Commands\dpghnt\dpghnt.dll
E:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
E:\Program Files\Microsoft IntelliPoint\dpgmkb.dll
E:\Program Files\Microsoft IntelliPoint\ipres.dll
E:\Program Files\Microsoft IntelliPoint\srres.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\CFGMGR32.dll
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\HID.DLL
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMAGEHLP.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msi.dll
E:\WINDOWS\system32\MSIMG32.dll
E:\WINDOWS\system32\MSVCP60.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\System32\msxml3.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEACC.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\PSAPI.DLL
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\setupapi.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\urlmon.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USERENV.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (45)]
E:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll
E:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MFC71.DLL
E:\WINDOWS\system32\MFC71ENU.DLL
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSVCR71.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\nvapi.dll
E:\WINDOWS\system32\ODBC32.dll
E:\WINDOWS\system32\odbcbcp.dll
E:\WINDOWS\system32\odbcint.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\pdh.dll
E:\WINDOWS\system32\perfos.dll
E:\WINDOWS\system32\psapi.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\WINSPOOL.DRV
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\system32\WTSAPI32.dll
E:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[E:\Program Files\QuickTime\QTTask.exe (24)]
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SHELL32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\VERSION.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (33)]
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Spybot - Search & Destroy\advcheck.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\hhctrl.ocx
E:\WINDOWS\system32\IMAGEHLP.DLL
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msimg32.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\netapi32.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\psapi.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\Secur32.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\shell32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USERENV.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\version.dll
E:\WINDOWS\system32\winspool.drv
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Spyware Doctor\SDTrayApp.exe (68)]
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Spyware Doctor\cdialogs.dll
E:\Program Files\Spyware Doctor\CommLib.dll
E:\Program Files\Spyware Doctor\CommOM.dll
E:\Program Files\Spyware Doctor\ikdll.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\PCToolsComponents.bpl
E:\Program Files\Spyware Doctor\pwindow.dll
E:\Program Files\Spyware Doctor\rtl100.bpl
E:\Program Files\Spyware Doctor\smumhook.dll
E:\Program Files\Spyware Doctor\SysAccess.dll
E:\Program Files\Spyware Doctor\vcl100.bpl
E:\WINDOWS\system32\ACTIVEDS.dll
E:\WINDOWS\system32\adsldpc.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\ATL.DLL
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMAGEHLP.DLL
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\inetmib1.dll
E:\WINDOWS\system32\iphlpapi.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\midimap.dll
E:\WINDOWS\system32\mpr.dll
E:\WINDOWS\system32\MPRAPI.dll
E:\WINDOWS\system32\MSACM32.dll
E:\WINDOWS\system32\msacm32.drv
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msimg32.dll
E:\WINDOWS\system32\MSVCP60.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleacc.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\oledlg.dll
E:\WINDOWS\system32\olepro32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\rtutils.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\Secur32.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\shell32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\snmpapi.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\version.dll
E:\WINDOWS\system32\wdmaud.drv
E:\WINDOWS\system32\winmm.dll
E:\WINDOWS\system32\winspool.drv
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WINTRUST.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\system32\wsock32.dll
E:\WINDOWS\system32\Wtsapi32.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[E:\Program Files\Spyware Doctor\svcntaux.exe (33)]
E:\Program Files\Spyware Doctor\ikdll.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\rtl100.bpl
E:\Program Files\Spyware Doctor\smumhook.dll
E:\Program Files\Spyware Doctor\SysAccess.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\IMAGEHLP.DLL
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\mpr.dll
E:\WINDOWS\system32\MSVCP60.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleacc.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\shell32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\version.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\system32\wsock32.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\Program Files\Spyware Doctor\swdsvc.exe (111)]
E:\Program Files\Spyware Doctor\avengine\engine.dll
E:\Program Files\Spyware Doctor\avengine\SDAVgate.dll
E:\Program Files\Spyware Doctor\BH.dll
E:\Program Files\Spyware Doctor\commhlpr.dll
E:\Program Files\Spyware Doctor\CommLib.dll
E:\Program Files\Spyware Doctor\CommOM.dll
E:\Program Files\Spyware Doctor\filehlpr.dll
E:\Program Files\Spyware Doctor\FileStorage.sdp
E:\Program Files\Spyware Doctor\IDBLib.sdp
E:\Program Files\Spyware Doctor\ikdll.dll
E:\Program Files\Spyware Doctor\Immunizer.sdp
E:\Program Files\Spyware Doctor\inethlpr.dll
E:\Program Files\Spyware Doctor\Localizer.sdp
E:\Program Files\Spyware Doctor\NfyMan.sdp
E:\Program Files\Spyware Doctor\PCToolsComponents.bpl
E:\Program Files\Spyware Doctor\PCTWSC.dll
E:\Program Files\Spyware Doctor\plugins\Browsers.SDP
E:\Program Files\Spyware Doctor\plugins\cookie.sdp
E:\Program Files\Spyware Doctor\plugins\grAV.SDP
E:\Program Files\Spyware Doctor\plugins\grfiles.SDP
E:\Program Files\Spyware Doctor\plugins\grregistry.SDP
E:\Program Files\Spyware Doctor\plugins\KLGuard.SDP
E:\Program Files\Spyware Doctor\plugins\Network.SDP
E:\Program Files\Spyware Doctor\plugins\Process.SDP
E:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP
E:\Program Files\Spyware Doctor\plugins\SDNET.SDP
E:\Program Files\Spyware Doctor\plugins\StartUp.SDP
E:\Program Files\Spyware Doctor\quarantine.sdp
E:\Program Files\Spyware Doctor\RebootManager.sdp
E:\Program Files\Spyware Doctor\RegHelper.dll
E:\Program Files\Spyware Doctor\rtl100.bpl
E:\Program Files\Spyware Doctor\scaneng.sdp
E:\Program Files\Spyware Doctor\sdcore.dll
E:\Program Files\Spyware Doctor\SDExtra.sdp
E:\Program Files\Spyware Doctor\SDInfo.sdp
E:\Program Files\Spyware Doctor\Settings.sdp
E:\Program Files\Spyware Doctor\SH.dll
E:\Program Files\Spyware Doctor\stasks.sdp
E:\Program Files\Spyware Doctor\SysAccess.dll
E:\Program Files\Spyware Doctor\SystemMonitor.sdp
E:\Program Files\Spyware Doctor\vcl100.bpl
E:\Program Files\Spyware Doctor\whitelist.sdp
E:\WINDOWS\system32\ACTIVEDS.dll
E:\WINDOWS\system32\adsldpc.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\appHelp.dll
E:\WINDOWS\system32\ATL.DLL
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\comctl32.dll
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\DNSAPI.dll
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMAGEHLP.DLL
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\inetmib1.dll
E:\WINDOWS\system32\iphlpapi.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\mpr.dll
E:\WINDOWS\system32\MPRAPI.dll
E:\WINDOWS\system32\msimg32.dll
E:\WINDOWS\System32\mstask.dll
E:\WINDOWS\system32\msv1_0.dll
E:\WINDOWS\system32\MSVCP60.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\Normaliz.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTDSAPI.dll
E:\WINDOWS\system32\NTMARTA.DLL
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\oleacc.dll
E:\WINDOWS\system32\oleaut32.dll
E:\WINDOWS\system32\oledlg.dll
E:\WINDOWS\system32\olepro32.dll
E:\WINDOWS\system32\RASAPI32.dll
E:\WINDOWS\system32\rasman.dll
E:\WINDOWS\system32\RPCRT4.dll
E:\WINDOWS\system32\rtutils.dll
E:\WINDOWS\system32\SAMLIB.dll
E:\WINDOWS\system32\secur32.dll
E:\WINDOWS\system32\sensapi.dll
E:\WINDOWS\system32\SETUPAPI.dll
E:\WINDOWS\system32\shell32.dll
E:\WINDOWS\system32\SHLWAPI.dll
E:\WINDOWS\system32\snmpapi.dll
E:\WINDOWS\system32\TAPI32.dll
E:\WINDOWS\system32\urlmon.dll
E:\WINDOWS\system32\USER32.dll
E:\WINDOWS\system32\USERENV.dll
E:\WINDOWS\system32\USP10.dll
E:\WINDOWS\system32\uxtheme.dll
E:\WINDOWS\system32\version.dll
E:\WINDOWS\System32\wbem\fastprox.dll
E:\WINDOWS\System32\wbem\wbemcomn.dll
E:\WINDOWS\System32\wbem\wbemprox.dll
E:\WINDOWS\System32\wbem\wbemsvc.dll
E:\WINDOWS\system32\wininet.dll
E:\WINDOWS\system32\WINMM.dll
E:\WINDOWS\system32\winspool.drv
E:\WINDOWS\system32\WINSTA.dll
E:\WINDOWS\system32\WLDAP32.dll
E:\WINDOWS\system32\WS2_32.dll
E:\WINDOWS\system32\WS2HELP.dll
E:\WINDOWS\system32\Wship6.dll
E:\WINDOWS\system32\wsock32.dll
E:\WINDOWS\system32\Wtsapi32.dll
E:\WINDOWS\system32\xpsp2res.dll
E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[E:\program files\steam\steam.exe (94)]
E:\Program Files\Bonjour\mdnsNSP.dll
E:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
E:\Program Files\Spyware Doctor\klg.dat
E:\Program Files\Spyware Doctor\smumhook.dll
E:\program files\Steam\bin\FileSystem_Steam.dll
e:\program files\steam\bin\friendsUI.dll
E:\program files\steam\bin\p2pcore.dll
E:\program files\steam\bin\p2pvoice.dll
e:\program files\steam\bin\serverbrowser.dll
E:\program files\steam\bin\SteamService.dll
E:\program files\steam\bin\vaudio_speex.dll
E:\program files\Steam\bin\vgui2.dll
E:\program files\steam\dbghelp.dll
E:\program files\steam\mss32_s.dll
E:\program files\steam\Steam.dll
E:\program files\steam\steamclient.dll
E:\program files\steam\SteamUI.dll
E:\program files\steam\tier0_s.dll
E:\program files\steam\vstdlib_s.dll
E:\WINDOWS\system32\ADVAPI32.dll
E:\WINDOWS\system32\apphelp.dll
E:\WINDOWS\system32\CLBCATQ.DLL
E:\WINDOWS\system32\COMCTL32.dll
E:\WINDOWS\system32\comdlg32.dll
E:\WINDOWS\system32\COMRes.dll
E:\WINDOWS\system32\CRYPT32.dll
E:\WINDOWS\system32\DNSAPI.dll
E:\WINDOWS\system32\DSOUND.DLL
E:\WINDOWS\system32\GDI32.dll
E:\WINDOWS\system32\hnetcfg.dll
E:\WINDOWS\system32\ieframe.dll
E:\WINDOWS\system32\iertutil.dll
E:\WINDOWS\system32\IMAGEHLP.dll
E:\WINDOWS\system32\IMM32.DLL
E:\WINDOWS\system32\Iphlpapi.dll
E:\WINDOWS\system32\kernel32.dll
E:\WINDOWS\system32\KsUser.dll
E:\WINDOWS\system32\LPK.DLL
E:\WINDOWS\system32\midimap.dll
E:\WINDOWS\system32\MSACM32.dll
E:\WINDOWS\system32\msacm32.drv
E:\WINDOWS\system32\MSASN1.dll
E:\WINDOWS\system32\MSCTF.dll
E:\WINDOWS\system32\msctfime.ime
E:\WINDOWS\system32\msi.dll
E:\WINDOWS\system32\MSIMG32.dll
E:\WINDOWS\system32\msv1_0.dll
E:\WINDOWS\system32\MSVCP60.dll
E:\WINDOWS\system32\msvcrt.dll
E:\WINDOWS\system32\mswsock.dll
E:\WINDOWS\system32\NETAPI32.dll
E:\WINDOWS\system32\Normaliz.dll
E:\WINDOWS\system32\ntdll.dll
E:\WINDOWS\system32\NTDSAPI.dll
E:\WINDOWS\system32\ole32.dll
E:\WINDOWS\system32\OLEACC.dll
E:\WINDOWS\system32\OLEAUT32.dll
E:\WINDOWS\system32\oledlg.dll

--------------------

Autostart folders:

[Startup (1)]
desktop.ini

[User Startup (1)]
desktop.ini

[Common Startup (2)]
desktop.ini
Microsoft Office.lnk

[User Common Startup (2)]
desktop.ini
Microsoft Office.lnk

--------------------

Task Scheduler jobs (1):

AppleSoftwareUpdate.job

--------------------

IniMapping values:

System NT shell = Explorer.exe

--------------------

Autostarting batch files:

[autoexec.bat]
flash893 n51pvmt9.f4

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40
device=E:\PROGRA~1\ALWILS~1\Avast4\aswmonds.sys

--------------------

On-reboot actions:

[Wininit.ini]
[rename]
c:\tempjunk9102.tmp=E:\WINDOWS\system32\gijrrbkv.dllbox
nul=c:\tempjunk917.tmp
c:\tempjunk1630.tmp=E:\WINDOWS\system32\gijrrbkv.dll_old
c:\tempjunk917.tmp=E:\WINDOWS\system32\gijrrbkv.dll

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - E:\WINDOWS\system32\mshta.exe "%1" %*
.js - JScript Script File - E:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - E:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - E:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded Script File - E:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - E:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - E:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - E:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (49)]
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## = "E:\Program Files\Bonjour\mDNSResponder.exe"
Apple Mobile Device = "E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
a-squared Anti-Malware Service = "E:\Program Files\a-squared Anti-Malware\a2service.exe"
Automatic Updates = E:\WINDOWS\system32\svchost.exm -k netsvcs
avast! Antivirus = "E:\Program Files\Alwil Software\Avast4\ashServ.exe"
avast! iAVS4 Control Service = "E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
AVG Anti-Spyware Guard = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Computer Browser = E:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = E:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = E:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = E:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = E:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = E:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = E:\WINDOWS\system32\services.exe
Help and Support = E:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = E:\WINDOWS\System32\lsass.exe
Logical Disk Manager = E:\WINDOWS\System32\svchost.exe -k netsvcs
LVCOMSer = "E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"
LVSrvLauncher = E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
nTune Service = E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService
NVIDIA Display Driver Service = E:\WINDOWS\system32\nvsvc32.exe
PC Tools Auxiliary Service = E:\Program Files\Spyware Doctor\svcntaux.exe
PC Tools Security Service = E:\Program Files\Spyware Doctor\swdsvc.exe
Plug and Play = E:\WINDOWS\system32\services.exe
Print Spooler = E:\WINDOWS\system32\spoolsv.exe
Process Monitor = "E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
Protected Storage = E:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = E:\WINDOWS\system32\svchost -k rpcss
Remote Registry = E:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = E:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = E:\WINDOWS\system32\lsass.exe
Security Center = E:\WINDOWS\System32\svchost.exe -k netsvcs
Server = E:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = E:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = E:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = E:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = E:\WINDOWS\System32\svchost.exe -k LocalService
Themes = E:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = E:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = E:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Management Instrumentation = E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = E:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = E:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = E:\WINDOWS\System32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
AVG Anti-Spyware Guard
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
AVG Anti-Spyware Guard
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* DVD/CD-ROM drives *
- Upper filters
GEARAspiWDM.sys

* Imaging devices *
- Lower filters
LVUSBSta.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Medium Changers *
- Upper filters
GEARAspiWDM.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Sound, video and game controllers *
- Lower filters
LVUSBSta.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Upper filters
GEARAspiWDM.sys



[Device filters]
* AMD ACPI-Compliant System *
- Lower filters
AmdAcpi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Microsoft Wireless Laser Mouse 8000 (IntelliPoint) *
- Upper filters
Point32.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = E:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (12)]
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
gijrrbkv = gijrrbkv.dll
jkkjghh = jkkjghh.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll

[Group policy extensions (11)]
Wireless = gptext.dll
Folder Redirection = fdeploy.dll
Microsoft Disk Quota = dskquota.dll
QoS Packet Scheduler = gptext.dll
Scripts = gptext.dll
Internet Explorer Zonemapping = iedkcs32.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll
IP Security = gptext.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145

- Software\Microsoft\Windows\CurrentVersion\policies\System (1)
DisableRegistryTools = dword: 0



[All users]
* Primary policies *
- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems (72)
tWhiteList = Close
GeneralInfo
Quit
FirstPage
PrevPage
NextPage
LastPage
ActualSize
FitPage
FitWidth
FitHeight
SinglePage
OneColumn
TwoPages
TwoColumns
ZoomViewIn
ZoomViewOut
ShowHideBookmarks
ShowHideThumbnails
Print
GoToPage
ZoomTo
GeneralPrefs
SaveAs
FullScreen
OpenOrganizer
Scan
Web2PDF:OpnURL
AcroSendMail:SendMail
Spelling:Check Spelling
PageSetup
Find
FindSearch
GoBack
GoForward
FitVisible
ShowHideToolbarEditing
ShowHideToolbarCommenting
ShowHideToolbarEdit
ShowHideToolbarFile
ShowHideToolbarFind
ShowHideToolbarForms
ShowHideToolbarMeasuring
ShowHideToolbarData
ShowHideToolbarPageDisplay
ShowHideToolbarNavigation
ShowHideToolbarPrintProduction
ShowHideToolbarRedaction
ShowHideToolbarBasicTools
ShowHideToolbarTasks
ShowHideToolbarTypewriter
PropertyToolbar
ShowHideArticles
ShowHideFileAttachment
ShowHideAnnotManager
ShowHideFields
ShowHideOptCont
ShowHideModelTree
ShowHideSignatures
InsertPages
ExtractPages
ReplacePages
DeletePages
CropPages
RotatePages
AddFileAttachment
FindCurrentBookmark
BookmarkShowLocation
GoBackDoc
GoForwardDoc
HelpUserGuide
HelpReader

- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms (94)
tBuiltInPermList = version:1
.ade:3
.adp:3
.app:3
.asp:3
.bas:3
.bat:3
.bz:3
.bz2:3
.chm:3
.class:3
.cmd:3
.com:3
.command:3
.cpl:3
.crt:3
.csh:3
.desktop:3
.exe:3
.fxp:3
.gz:3
.hex:3
.hlp:3
.hqx:3
.hta:3
.inf:3
.ini:3
.ins:3
.isp:3
.its:3
.job:3
.js:3
.jse:3
.ksh:3
.lnk:3
.lzh:3
.mad:3
.maf:3
.mag:3
.mam:3
.maq:3
.mar:3
.mas:3
.mat:3
.mau:3
.mav:3
.maw:3
.mda:3
.mde:3
.mdt:3
.mdw:3
.mdz:3
.msc:3
.msi:3
.msp:3
.mst:3
.ocx:3
.ops:3
.pcd:3
.pi:3
.pif:3
.prf:3
.prg:3
.pst:3
.rar:3
.reg:3
.scf:3
.scr:3
.sct:3
.sea:3
.shb:3
.shs:3
.sit:3
.tar:3
.tgz:3
.tmp:3
.url:3
.vb:3
.vbe:3
.vbs:3
.vsmacros:3
.vss:3
.vst:3
.vsw:3
.webloc:3
.ws:3
.wsc:3
.wsf:3
.wsh:3
.zip:3
.zlo:3
.zoo:3
.pdf:2
.fdf:2

- Software\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms (18)
tSchemePerms = version:1
shell:3
hcp:3
ms-help:3
ms-its:3
ms-itss:3
its:3
mk:3
mhtml:3
help:3
disk:3
afp:3
disks:3
telnet:3
ssh:3
acrobat:2
mailto:2
file:1

- Software\Policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1} (2)
DisableServerCheck = dword: 1
LegacyPresence = dword: 1

- Software\Policies\Microsoft\Windows\Installer (1)
EnableAdminTSRemote = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3087cdfc-f78f-454a-b4d3-00726478f268} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{3087cdfc-f78f-454a-b4d3-00726478f268}
ipsecID = {3087cdfc-f78f-454a-b4d3-00726478f268}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{4197730b-0098-4a73-8766-eaf050b93051} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{4197730b-0098-4a73-8766-eaf050b93051}
ipsecID = {4197730b-0098-4a73-8766-eaf050b93051}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{5c66372f-62f3-48bd-b4c2-1b950f705e0e} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{5c66372f-62f3-48bd-b4c2-1b950f705e0e}
ipsecID = {5c66372f-62f3-48bd-b4c2-1b950f705e0e}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{06938bed-2a22-4925-bb16-4d8bbcf2fe67} (8)
ClassName = ipsecNFA
name = ipsecNFA{06938bed-2a22-4925-bb16-4d8bbcf2fe67}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {06938bed-2a22-4925-bb16-4d8bbcf2fe67}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{1e209737-6399-4c9c-a60d-3a0522822c01} (8)
ClassName = ipsecNFA
name = ipsecNFA{1e209737-6399-4c9c-a60d-3a0522822c01}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {1e209737-6399-4c9c-a60d-3a0522822c01}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{59876075-5ace-4827-a193-4bbab0933ceb} (6)
ClassName = ipsecNFA
name = ipsecNFA{59876075-5ace-4827-a193-4bbab0933ceb}
ipsecID = {59876075-5ace-4827-a193-4bbab0933ceb}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{4197730b-0098-4a73-8766-eaf050b93051}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{70056aea-a6d7-437f-9a5a-ec86d5226102} (6)
ClassName = ipsecNFA
name = ipsecNFA{70056aea-a6d7-437f-9a5a-ec86d5226102}
ipsecID = {70056aea-a6d7-437f-9a5a-ec86d5226102}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{5c66372f-62f3-48bd-b4c2-1b950f705e0e}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8a4aac02-9b0b-4e85-8530-0b6b7cf59a88} (6)
ClassName = ipsecNFA
name = ipsecNFA{8a4aac02-9b0b-4e85-8530-0b6b7cf59a88}
ipsecID = {8a4aac02-9b0b-4e85-8530-0b6b7cf59a88}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{3087cdfc-f78f-454a-b4d3-00726478f268}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{e2e178bc-b52e-4b73-bf9d-4688afdccc9e} (8)
ClassName = ipsecNFA
name = ipsecNFA{e2e178bc-b52e-4b73-bf9d-4688afdccc9e}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {e2e178bc-b52e-4b73-bf9d-4688afdccc9e}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{f746909a-6c37-4a9d-8bfc-fc1c16dba316} (8)
ClassName = ipsecNFA
name = ipsecNFA{f746909a-6c37-4a9d-8bfc-fc1c16dba316}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {f746909a-6c37-4a9d-8bfc-fc1c16dba316}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1176334900

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2)
NoDriveAutoRun = dword: 67108863
NoDriveTypeAutoRun = dword: 255

- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (4):

&Yahoo! Toolbar Helper = {02478D38-C3F9-4efb-9B51-7695ECA05670} = E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Spybot-S&D IE Protection = {53707962-6F74-2D53-2644-206D7942484F} = E:\PROGRA~1\SPYBOT~1\SDHelper.dll
SSVHelper Class = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

--------------------

ActiveX objects (15):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
IEUDINIT - {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\wmp11.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - E:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - E:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall E:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (1) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll

* WebBrowser (2) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll


--------------------

Internet Explorer buttons/tools (4):

Sun Java Console - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
Spybot - Search & Destroy Configuration - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer Bands (7):

IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - E:\WINDOWS\system32\ieframe.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - E:\WINDOWS\System32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - E:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - E:\WINDOWS\System32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - E:\WINDOWS\System32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - E:\WINDOWS\System32\shdocvw.dll

--------------------

Downloaded Program Files (9):

VatCtrl Class - {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - E:\WINDOWS\Downloaded Program Files\VATDecoder.dll - http://24.99.16.69/VatDec.cab
WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - E:\WINDOWS\system32\wuweb.dll - http://update.microsoft.com/windowsupdate/...b?1176335842061
MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - E:\WINDOWS\system32\muweb.dll - http://update.microsoft.com/microsoftupdat...b?1176335986092
Java Runtime Environment 1.6.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - E:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

--------------------

URL search hooks:

[This user (2)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll
Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

--------------------

Explorer clones:

E:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (10)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = E:\Program Files\7-Zip\7-zip.dll
avast = {472083B0-C522-11CF-8763-00608CC02F24} = E:\Program Files\Alwil Software\Avast4\ashShell.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
MagicISO = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = E:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = E:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = E:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = E:\WINDOWS\system32\SHELL32.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll
Yahoo! Mail = {5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\Program Files\Yahoo!\Common\YMMAPI.dll

[Drive (7)]
a-squared Anti-Malware Shell Extension = {AB77609F-2178-4E6F-9C4B-44AC179D937A} = E:\Program Files\a-squared Anti-Malware\a2contmenu.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = E:\WINDOWS\System32\cscui.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = E:\WINDOWS\system32\wpdshext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = E:\WINDOWS\system32\SHELL32.dll

[Folder (4)]
a-squared Anti-Malware Shell Extension = {AB77609F-2178-4E6F-9C4B-44AC179D937A} = E:\Program Files\a-squared Anti-Malware\a2contmenu.dll
avast = {472083B0-C522-11CF-8763-00608CC02F24} = E:\Program Files\Alwil Software\Avast4\ashShell.dll
MagicISO = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = E:\WINDOWS\System32\zipfldr.dll

[Directory (7)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = E:\Program Files\7-Zip\7-zip.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = E:\WINDOWS\system32\SHELL32.dll
MagicISO = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = E:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll

[Directory\Background (3)]
00nView = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = E:\WINDOWS\system32\nvshell.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = E:\WINDOWS\system32\SHELL32.dll
NvCplDesktopContext = {A70C977A-BF00-412C-90B7-034C51DA2439} = E:\WINDOWS\system32\nvcpl.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = E:\WINDOWS\system32\ieframe.dll

[AllFileSystemObjects (2)]
a-squared Anti-Malware Shell Extension = {AB77609F-2178-4E6F-9C4B-44AC179D937A} = E:\Program Files\a-squared Anti-Malware\a2contmenu.dll
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = E:\WINDOWS\system32\SHELL32.dll

--------------------

ColumnHandlers (5):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - E:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - E:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - E:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - E:\WINDOWS\system32\SHELL32.dll
PDF Shell Extension - {F9DB5320-233E-11D1-9F84-707F02C10627} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

--------------------

ShellExecuteHooks (2):

AVG Anti-Spyware 7.5 = {57B86673-276A-48B2-BAE7-C6DBB3020EB8} = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (215)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - E:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
&Links - {F2CF5485-4E02-4f68-819C-B92DE9277049} - E:\WINDOWS\system32\ieframe.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - E:\Program Files\7-Zip\7-zip.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - E:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - E:\WINDOWS\system32\occache.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - E:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - E:\WINDOWS\system32\shdocvw.dll
a-squared Anti-Malware Shell Extension - {AB77609F-2178-4E6F-9C4B-44AC179D937A} - E:\Program Files\a-squared Anti-Malware\a2contmenu.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - E:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - E:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - E:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - E:\WINDOWS\system32\wuaucpl.cpl
Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -
avast - {472083B0-C522-11CF-8763-00608CC02F24} - E:\Program Files\Alwil Software\Avast4\ashShell.dll
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - E:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - E:\WINDOWS\System32\shdocvw.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - E:\WINDOWS\system32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - E:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - E:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - E:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - E:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - E:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - E:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - E:\WINDOWS\System32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - E:\WINDOWS\System32\appwiz.cpl
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - E:\WINDOWS\system32\nvshell.dll
Desktop Explorer Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - E:\WINDOWS\system32\nvshell.dll
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - E:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - E:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - E:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - E:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - E:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - E:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - E:\WINDOWS\System32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - E:\WINDOWS\System32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - E:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - E:\WINDOWS\System32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - E:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - E:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - E:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - E:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - E:\WINDOWS\system32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - E:\WINDOWS\System32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - E:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - E:\WINDOWS\system32\ieframe.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - E:\WINDOWS\system32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - E:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - E:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - E:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - E:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE AutoComplete - {3028902F-6374-48b2-8DC6-9725E775B926} - E:\WINDOWS\system32\ieframe.dll
IE BandProxy - {73CFD649-CD48-4fd8-A272-2070EA56526B} - E:\WINDOWS\system32\ieframe.dll
IE Custom MRU AutoCompleted List - {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} - E:\WINDOWS\system32\ieframe.dll
IE Fade Task - {1C1EDB47-CE22-4bbb-B608-77B48F83C823} - E:\WINDOWS\system32\ieframe.dll
IE IShellFolderBand - {6CF48EF8-44CD-45d2-8832-A16EA016311B} - E:\WINDOWS\system32\ieframe.dll
IE Menu Band - {4B78D326-D922-44f9-AF2A-07805C2A3560} - E:\WINDOWS\system32\ieframe.dll
IE Menu Desk Bar - {205D7A97-F16D-4691-86EF-F3075DCCA57D} - E:\WINDOWS\system32\ieframe.dll
IE Menu Site - {44C76ECD-F7FA-411c-9929-1B77BA77F524} - E:\WINDOWS\system32\ieframe.dll
IE Microsoft BrowserBand - {07C45BB1-4A8C-4642-A1F5-237E7215FF66} - E:\WINDOWS\system32\ieframe.dll
IE Microsoft History AutoComplete List - {6038EF75-ABFC-4e59-AB6F-12D397F6568D} - E:\WINDOWS\system32\ieframe.dll
IE Microsoft Multiple AutoComplete List Container - {B31C5FAE-961F-415b-BAF0-E697A5178B94} - E:\WINDOWS\system32\ieframe.dll
IE Microsoft Shell Folder AutoComplete List - {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} - E:\WINDOWS\system32\ieframe.dll
IE MRU AutoComplete List - {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} - E:\WINDOWS\system32\ieframe.dll
IE Navigation Bar - {43886CD5-6529-41c4-A707-7B3C92C05E68} - E:\WINDOWS\system32\ieframe.dll
IE Registry Tree Options Utility - {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} - E:\WINDOWS\system32\ieframe.dll
IE RSS Feeder Folder - {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} - E:\WINDOWS\system32\ieframe.dll
IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - E:\WINDOWS\system32\ieframe.dll
IE Shell Band Site Menu - {E6EE9AAC-F76B-4947-8260-A9F136138E11} - E:\WINDOWS\system32\ieframe.dll
IE Shell Rebar BandSite - {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} - E:\WINDOWS\system32\ieframe.dll
IE Tracking Shell Menu - {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} - E:\WINDOWS\system32\ieframe.dll
IE User Assist - {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} - E:\WINDOWS\system32\ieframe.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - E:\WINDOWS\System32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - E:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - E:\WINDOWS\System32\appwiz.cpl
IntelliPoint Activities Control Panel Property Page - {653DCCC2-13DB-45B2-A389-427885776CFE} - "E:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
IntelliPoint Buttons Control Panel Property Page - {124597D8-850A-41AE-849C-017A4FA99CA2} - "E:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
IntelliPoint Wheel Control Panel Property Page - {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} - "E:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
IntelliPoint Wireless Control Panel Property Page - {20082881-FC36-4E47-9A7A-644C95FF749F} - "E:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - E:\WINDOWS\system32\ieframe.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - E:\WINDOWS\system32\ieframe.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - E:\WINDOWS\System32\shdocvw.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - E:\Program Files\iTunes\iTunesMiniPlayer.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} -
Messenger Sharing Folders - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - E:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - E:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - E:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - E:\WINDOWS\System32\shdocvw.dll
Microsoft Browser Architecture - {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} - E:\WINDOWS\system32\ieframe.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - E:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - E:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - E:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - E:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - E:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - E:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - E:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - E:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - E:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - E:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - E:\WINDOWS\System32\browseui.dll
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - E:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - E:\WINDOWS\system32\ieframe.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll
Microsoft.XPS.Shell.Metadata.1 - {45670FA8-ED97-4F44-BC93-305082590BFB} - E:\WINDOWS\System32\XPSSHHDR.DLL
Microsoft.XPS.Shell.Thumbnail.1 - {44121072-A222-48f2-A58A-6D9AD51EBBE9} - E:\WINDOWS\System32\XPSSHHDR.DLL
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - E:\WINDOWS\System32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - E:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - E:\WINDOWS\System32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - E:\WINDOWS\System32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - E:\WINDOWS\System32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - E:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - E:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
NvCpl DesktopContext Class - {A70C977A-BF00-412C-90B7-034C51DA2439} - E:\WINDOWS\system32\nvcpl.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - E:\WINDOWS\system32\nvshell.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - E:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - E:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - E:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
Play on my TV helper - {FFB699E0-306A-11d3-8BD1-00104B6F7516} - E:\WINDOWS\system32\nvcpl.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - E:\WINDOWS\System32\themeui.dll
Portable Devices - {35786D3C-B075-49b9-88DD-029876E11C01} - E:\WINDOWS\system32\wpdshext.dll
Portable Devices Menu - {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} - E:\WINDOWS\system32\wpdshext.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - E:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - E:\WINDOWS\System32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - E:\WINDOWS\System32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - E:\WINDOWS\System32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - E:\WINDOWS\System32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - E:\WINDOWS\System32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - E:\WINDOWS\System32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - E:\WINDOWS\System32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - E:\WINDOWS\System32\shdocvw.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - E:\WINDOWS\System32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - E:\WINDOWS\System32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - E:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - E:\WINDOWS\System32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - E:\WINDOWS\System32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - E:\WINDOWS\System32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - E:\WINDOWS\system32\ieframe.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - E:\WINDOWS\System32\wshext.dll
Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - E:\WINDOWS\system32\dfshim.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - E:\WINDOWS\system32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - E:\WINDOWS\system32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - E:\WINDOWS\system32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - E:\WINDOWS\System32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - E:\WINDOWS\System32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - E:\WINDOWS\system32\browseui.dll
ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - E:\WINDOWS\system32\dfshim.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - E:\WINDOWS\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - E:\WINDOWS\system32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - E:\WINDOWS\system32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - E:\WINDOWS\System32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - E:\WINDOWS\System32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - E:\WINDOWS\system32\ieframe.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - E:\WINDOWS\system32\ieframe.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - E:\WINDOWS\system32\ieframe.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - E:\WINDOWS\System32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - E:\WINDOWS\System32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - E:\WINDOWS\System32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - E:\WINDOWS\System32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - E:\WINDOWS\System32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - E:\WINDOWS\System32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - E:\WINDOWS\System32\shmedia.dll
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - E:\WINDOWS\System32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - E:\WINDOWS\System32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - E:\WINDOWS\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - E:\WINDOWS\System32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - E:\WINDOWS\system32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - E:\WINDOWS\system32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - E:\WINDOWS\system32\wmpshell.dll
WinRAR shell extension - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - E:\Program Files\WinRAR\rarext.dll
Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} - E:\Program Files\Yahoo!\Common\YMMAPI.dll

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - E:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
ctfmon.exe = E:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
NVIDIA nTune = "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
SpybotSD TeaTimer = E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Steam = "e:\program files\steam\steam.exe" -silent

[System Run]
!AVG Anti-Spyware = "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Adobe Reader Speed Launcher = "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
amd_dc_opt = E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
a-squared = "E:\Program Files\a-squared Anti-Malware\a2guard.exe"
avast! = E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
High Definition Audio Property Page Shortcut = HDAShCut.exe
IMEKRMIG6.1 = E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
IMJPMIG8.1 = "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IntelliPoint = "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"
iTunesHelper = "E:\Program Files\iTunes\iTunesHelper.exe"
LogitechCommunicationsManager = "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon = "E:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
MSPY2002 = E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
NvCplDaemon = RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz = nwiz.exe /install
PHIME2002A = E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PHIME2002ASync = E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
QuickTime Task = "E:\Program Files\QuickTime\QTTask.exe" -atboottime
RegistryMechanic = E:\Program Files\Registry Mechanic\regmech.exe /S
RTHDCPL = RTHDCPL.EXE
SDTray = "E:\Program Files\Spyware Doctor\SDTrayApp.exe"
SkyTel = SkyTel.EXE
SunJavaUpdateSched = "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

--------------------

Registry 'Run' subkeys:

[User Run]
* AdobeUpdater *
@ =


[System Run]
* OptionalComponents *
@ =


--------------------

Protocols:

[Pluggable MIME filters (8)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = E:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = E:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = E:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = E:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = E:\WINDOWS\system32\SHELL32.dll

[Protocol handlers (24)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = E:\WINDOWS\system32\mshtml.dll
belarc = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} = E:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = E:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = E:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = E:\WINDOWS\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = E:\WINDOWS\system32\mshtml.dll
lid = {5C135180-9973-46D9-ABF4-148267CBB8BF} = E:\WINDOWS\System32\msvidctl.dll
livecall = {828030A1-22C1-4009-854F-8E305202313F} = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = E:\WINDOWS\system32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = E:\WINDOWS\System32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = E:\WINDOWS\system32\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = E:\WINDOWS\System32\itss.dll
msnim = {828030A1-22C1-4009-854F-8E305202313F} = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = E:\WINDOWS\system32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = E:\WINDOWS\System32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = E:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = E:\WINDOWS\system32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = E:\WINDOWS\System32\wiascr.dll

--------------------

WOW compatibility:

cmdline = E:\WINDOWS\system32\ntvdm.exe
wowcmdline = E:\WINDOWS\system32\ntvdm.exe -a E:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (5)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = E:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = E:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = E:\WINDOWS\System32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = E:\WINDOWS\system32\webcheck.dll
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = E:\WINDOWS\system32\WPDShServiceObj.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = E:\WINDOWS\System32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = E:\WINDOWS\System32\browseui.dll

--------------------

Winsock LSP:

[Protocols (14)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - E:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - E:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0E882BD-B883-41C8-8BF9-082EC87A8CE7}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0E882BD-B883-41C8-8BF9-082EC87A8CE7}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{33545510-CE66-4244-A65D-13041999B094}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{33545510-CE66-4244-A65D-13041999B094}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F2EDF5A-6061-47CA-9E95-C5BFE9006D34}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F2EDF5A-6061-47CA-9E95-C5BFE9006D34}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B34FFD58-FB3E-4EE9-8E4F-17BDC138196C}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B34FFD58-FB3E-4EE9-8E4F-17BDC138196C}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C8175E-1E13-4F95-8941-51F6D4724325}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C8175E-1E13-4F95-8941-51F6D4724325}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - E:\WINDOWS\system32\mswsock.dll

[Namespace Providers (4)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - E:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - E:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - E:\WINDOWS\System32\mswsock.dll
mdnsNSP - {B600E6E9-553B-4A19-8696-335E5C896153} - E:\Program Files\Bonjour\mdnsNSP.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Local Page = E:\windows\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

- Internet Explorer\SearchURL (1)
(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

- Internet Explorer\Desktop\General (2)
BackupWallpaper = E:\WINDOWS\ACD Wallpaper.bmp
Wallpaper = E:\WINDOWS\ACD Wallpaper.bmp

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Local Page = E:\windows\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

- Internet Explorer\Search (3)
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
PostNotCached = res://ieframe.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = E:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (178)]
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll
(no name) - {083863F1-70DE-11D0-BD40-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
(no name) - {323C0F99-820A-4e0b-B714-57942C6D9678} - E:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL
(no name) - {53C74826-AB99-4D33-ACA4-3117F51D3788} - E:\WINDOWS\system32\SHELL32.dll
(no name) - {6FBF8DD5-9E03-4af5-B779-FEBEF6754712} - E:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL
(no name) - {B4B3AECB-DFD6-11D1-9DAA-00805F85CFE3} - E:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {E846F0A0-D367-11D1-8286-00A0C9231C29} - E:\WINDOWS\System32\clbcatex.dll
(no name) - {F4C30BB5-D7FC-4d60-9D49-7C6B67C3592D} - E:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL
(no name) - {f5078f26-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
(no name) - {F5F545A6-39C4-40b5-814D-B45040A89FB5} - E:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL
(no name) - {F81CD990-910B-4bbf-9CB3-6A77F3D697B3} - E:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL
(no name) - {FEF10FA2-355E-4E06-9381-9B24D7F7CC88} - E:\WINDOWS\system32\SHELL32.dll
9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - E:\Program Files\Movie Maker\wmm2filt.dll
ACM Class Manager - {33D9A761-90C8-11D0-BD43-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - E:\Program Files\Common Files\System\ado\msado15.dll
AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - E:\Program Files\Movie Maker\wmm2ae.dll
Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - E:\Program Files\Movie Maker\wmm2filt.dll
AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - E:\WINDOWS\system32\msdxm.ocx
Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - E:\Program Files\Movie Maker\wmm2filt.dll
Bln Proxy - {BC5F1E51-5110-11D1-AFF5-006097C9A284} - E:\PROGRA~1\MICROS~3\Office\BLNMGRPS.DLL
BlnMgr Class - {3F8A6C33-E0FD-11D0-8A8C-00A0C90C2BC5} - E:\Program Files\Microsoft Office\Office\BLNMGR.DLL
BlnMgr Proxy - {F27CE930-4CA3-11D1-AFF2-006097C9A284} - E:\PROGRA~1\MICROS~3\Office\BLNMGRPS.DLL
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - E:\WINDOWS\system32\xenroll.dll
Certificate Class - {E38FD381-6404-4041-B5E9-B2739258941F} - E:\WINDOWS\system32\capicom.dll
Certificates Class - {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C} - E:\WINDOWS\system32\capicom.dll
Certificates Class - {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} - E:\WINDOWS\system32\capicom.dll
cfw Class - {ECABAFC0-7F19-11D2-978E-0000F8757E2A} - E:\WINDOWS\system32\comsvcs.dll
Chain Class - {65104D73-BA60-4160-A95A-4B4782E7AA62} - E:\WINDOWS\system32\capicom.dll
CLSID_ApprenticeICW - {8EE42293-C315-11D0-8D6F-00A0C9A06E1F} - E:\WINDOWS\System32\inetcfg.dll
CLSID_CCommAcctImport - {1AA06BA1-0E88-11D1-8391-00C04FBD7C09} - E:\WINDOWS\System32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18AB439E-FCF4-40D4-90DA-F79BAA3B0655} - E:\WINDOWS\System32\diactfrm.dll
CommunicationManager - {67DCC487-AA48-11D1-8F4F-00C04FB611C7} - E:\WINDOWS\System32\msdtctm.dll
DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - E:\WINDOWS\system32\msdxm.ocx
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - E:\Program Files\Movie Maker\wmm2filt.dll
DiskManagement.Connection - {FD78D554-4C6E-11D0-970D-00A0C9191601} - E:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860D28D0-8BF4-11CE-BE59-00AA0051FE20} - infosoft.dll
English_UK Stemmer - {D99F7670-7F1A-11CE-BE57-00AA0051FE20} - infosoft.dll
English_US Stemmer - {EEED4C20-7F1B-11CE-BE57-00AA0051FE20} - infosoft.dll
Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - E:\Program Files\Movie Maker\wmm2filt.dll
Free Threaded XML DOM Document 2.6 - {f5078f1c-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
French_French Stemmer - {2A6EB050-7F1C-11CE-BE57-00AA0051FE20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - E:\WINDOWS\System32\msieftp.dll
German_German Stemmer - {510A4910-7F1C-11CE-BE57-00AA0051FE20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - E:\WINDOWS\System32\h323msp.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - E:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - E:\WINDOWS\System32\hhctrl.ocx
HTML Inline Movie Control - {8422DAE7-9929-11CF-B8D3-004033373DA8} - E:\Program Files\Microsoft Office\Office\HTML\HTMLMM.OCX
HTML Inline Sound Control - {8422DAE3-9929-11CF-B8D3-004033373DA8} - E:\Program Files\Microsoft Office\Office\HTML\HTMLMM.OCX
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33D9A760-90C8-11D0-BD43-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
ImeSingleKanjiDict - {BE4191FB-59EF-4825-AEFC-109727951E42} - E:\WINDOWS\IME\CHTIME\APPLETS\CHTSKDIC.DLL
IndexServer Simple Command Creator - {C7B6C04A-CBB5-11D0-BB4C-00C04FC2F410} - E:\WINDOWS\system32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - E:\WINDOWS\System32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - E:\WINDOWS\System32\confmsp.dll
Italian_Italian Stemmer - {6D36CE10-7F1C-11CE-BE57-00AA0051FE20} - infosoft.dll
Marquee Control - {250770F3-6AF2-11CF-A915-008029E31FCD} - E:\Program Files\Microsoft Office\Office\HTML\HTMLMARQ.OCX
MarshalableTI Class - {466D66FA-9616-11D2-9342-0000F875AE17} - E:\WINDOWS\System32\msconf.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - E:\WINDOWS\System32\termmgr.dll
MessageMover Class - {ECABB0BF-7F19-11D2-978E-0000F8757E2A} - E:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - E:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
Microsoft DocHost User Interface Handler - {7057E952-BD1B-11D1-8919-00C04FC2C836} - E:\WINDOWS\system32\ieframe.dll
Microsoft DT DDS Circular Auto Layout Logic 2 - {B0406342-B0C5-11D0-89A9-00A0C9054129} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2DD.DLL
Microsoft DT DDS OrgChart GDD Layout - {4CECCEB1-8359-11D0-A34E-00AA00BDCDFD} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2GDDO.DLL
Microsoft DT DDS OrgChart GDD Route - {4CECCEB2-8359-11D0-A34E-00AA00BDCDFD} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2GDDO.DLL
Microsoft DT DDS Rectilinear GDD Layout - {1F7DD4F2-CAC3-11D0-A35B-00AA00BDCDFD} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2GDDR.DLL
Microsoft DT DDS Rectilinear GDD Route - {1F7DD4F3-CAC3-11D0-A35B-00AA00BDCDFD} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2GDDR.DLL
Microsoft DT DDS Straight Line Routing Logic 2 - {B0406343-B0C5-11D0-89A9-00A0C9054129} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2DD.DLL
Microsoft DT Icon Control - {D24D4450-1F01-11D1-8E63-006097D2DF48} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2DD.DLL
Microsoft DT PolyLine Control 2 - {D24D4453-1F01-11D1-8E63-006097D2DF48} - E:\Program Files\Common Files\Microsoft Shared\MSDesigners98\MDT2DD.DLL
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll
Microsoft Html Popup Window - {3050F667-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll
Microsoft IME SingleKanjiDictionary interface - {6E3197A3-BBC3-11D4-84C0-00C04F7A06E5} - E:\WINDOWS\IME\imjp8_1\Applets\IMSKDIC.DLL
Microsoft Index Server Scope Administration Object - {3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D} - E:\WINDOWS\system32\ciodm.dll
Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - E:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - E:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MPEG-4 Video Decompressor Property page - {598EBA02-B49A-11D2-A1C1-00609778EA66} - E:\WINDOWS\System32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - E:\WINDOWS\System32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - E:\WINDOWS\system32\wmpdxm.dll
Microsoft Office UA Control - {8936033C-4A50-11D1-98A4-00A0C90F27C6} - E:\Program Files\Microsoft Office\Office\OUACTRL.OCX
Microsoft WBEM Event Subsystem - {5D08B586-343A-11D0-AD46-00C04FD8FDFF} - E:\WINDOWS\System32\wbem\wbemess.dll
MidiOut Class Manager - {4EFE2452-168A-11D1-BC76-00C04FB9453B} - E:\WINDOWS\System32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - E:\WINDOWS\System32\amstream.dll
Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - E:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - E:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491B-9951-464FD8AB071C} - E:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - E:\Program Files\Movie Maker\wmm2fxa.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - E:\WINDOWS\System32\wavemsp.dll
MTSEvents Class - {ECABB0AB-7F19-11D2-978E-0000F8757E2A} - E:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - E:\Program Files\Movie Maker\wmm2fxb.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - E:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - E:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - E:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Header OLE Control - {0006F02A-0000-0000-C000-000000000046} - E:\PROGRA~1\MICROS~3\Office\OUTLLIB.DLL
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - E:\PROGRA~1\MICROS~3\Office\OUTLLIB.DLL
PostBootReminder object - {7849596A-48EA-486E-8937-A2A3009F31A9} - E:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-C000-000000000046} - oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll
PSOAInterface - {00020424-0000-0000-C000-000000000046} - oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll
Queued Components Recorder - {ECABAFC2-7F19-11D2-978E-0000F8757E2A} - E:\WINDOWS\system32\comsvcs.dll
Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - E:\Program Files\Movie Maker\wmm2filt.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - E:\WINDOWS\System32\dxtmsft.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - E:\WINDOWS\System32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - E:\WINDOWS\System32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - E:\WINDOWS\system32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - E:\WINDOWS\System32\sdpblb.dll
Search Assistant Control - {47C6C527-6204-4F91-849D-66E234DEE015} - e:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {FBEB8A05-BEEE-4442-804E-409D6C4515E9} - E:\WINDOWS\system32\SHELL32.dll
Shortcut - {00021401-0000-0000-C000-000000000046} - shell32.dll
ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - E:\Program Files\Movie Maker\wmm2filt.dll
Spanish_Modern Stemmer - {B0516FF0-7F1C-11CE-BE57-00AA0051FE20} - infosoft.dll
Start Menu - {4622AD11-FF23-11D0-8D34-00A0C90F2719} - E:\WINDOWS\system32\SHELL32.dll
Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - E:\Program Files\Movie Maker\wmm2filt.dll
Store Class - {78E61E52-0E57-4456-A2F2-517492BCBF8F} - E:\WINDOWS\system32\capicom.dll
Swedish_Default Stemmer - {9478F640-7F1C-11CE-BE57-00AA0051FE20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - E:\WINDOWS\System32\sysmon.ocx
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\System32\stobject.dll
SysTrayInvoker - {730F6CDC-2C86-11D2-8773-92E220524153} - E:\WINDOWS\System32\stobject.dll
TipGW Init - {F117831B-C052-11D1-B1C0-00C04FC2F3EF} - E:\WINDOWS\System32\msdtctm.dll
Trident HTMLEditor - {3050F4F5-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtmled.dll
VFW Capture Class Manager - {860BB310-5D01-11D0-BD3B-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
Video Effect (1 input) Class Manager - {CC7BFB42-F175-11D1-A392-00E0291F3959} - E:\WINDOWS\System32\qedit.dll
Video Effect (2 input) Class Manager - {CC7BFB43-F175-11D1-A392-00E0291F3959} - E:\WINDOWS\System32\qedit.dll
Video Mixing Renderer 9 - {51B4ABF3-748F-4E3B-A276-C828330E926A} - E:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - E:\WINDOWS\System32\termmgr.dll
VideoPort Object - {CE292861-FC88-11D0-9E69-00C04FD7C15B} - E:\WINDOWS\System32\qdvd.dll
VMR Allocator Presenter 9 - {2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64} - E:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {E4979309-7A32-495E-8A92-7B014AAD4961} - E:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11D0-BD43-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
WaveOut and DSound Class Manager - {E0F158E1-CB04-11D0-BD4E-00A0C911CE86} - E:\WINDOWS\System32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - E:\WINDOWS\System32\wbem\wbemdisp.dll
WDM Instance Provider - {D2D588B5-D081-11D0-99E0-00C04FC2F8EC} - E:\WINDOWS\System32\wbem\wmiprov.dll
WebViewFolderIcon Class - {844F4806-E8A8-11D2-9652-00C04FC30871} - E:\WINDOWS\System32\webvw.dll
WIA FileSystem USD - {D2923B86-15F1-46FF-A19A-DE825F919576} - E:\WINDOWS\System32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - E:\WINDOWS\System32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - E:\WINDOWS\System32\wmv8ds32.ax
WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - E:\Program Files\Movie Maker\wmm2filt.dll
WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - E:\Program Files\Movie Maker\wmm2filt.dll
WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - E:\Program Files\Movie Maker\wmm2filt.dll
WMI ADSI Extension - {F0975AFE-5C7F-11D2-8B74-00104B2AFB41} - E:\WINDOWS\System32\wbem\wbemads.dll
WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen capture Filter - {31087270-D348-432C-899E-2D2F38FF29A0} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - E:\Program Files\Movie Maker\wmm2filt.dll
WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - E:\Program Files\Movie Maker\wmm2filt.dll
XML Data Source Object 2.6 - {f5078f1f-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML Document 2.6 - {f5078f22-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML Document 2.6 - {f5078f28-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML DOM Document 2.6 - {f5078f1b-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML HTTP 2.6 - {f5078f1e-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML Moniker 2.6 - {f5078f29-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML Parser 2.6 - {f5078f20-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XML Schema Cache 2.6 - {f5078f1d-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
XSL Template 2.6 - {f5078f21-c551-11d3-89b9-0000f81fe221} - E:\WINDOWS\System32\msxml2.dll
Yahoo! Mail Attachment Control - {AA218328-0EA8-4D70-8972-E987A9190FF4} - E:\Program Files\Yahoo!\Common\YMMAPI.dll

[Stopped/disabled NT Services]
* Stopped (48) *
.NET Runtime Optimization Service v2.0.50727_X86 = E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Application Layer Gateway Service = E:\WINDOWS\System32\alg.exe
Application Management = E:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
avast! Mail Scanner = "E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
avast! Web Scanner = "E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Background Intelligent Transfer Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ Event System = E:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ System Application = E:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = E:\WINDOWS\System32\msdtc.exe
Fast User Switching Compatibility = E:\WINDOWS\System32\svchost.exe -k netsvcs
FLEXnet Licensing Service = "E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
HTTP SSL = E:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = E:\WINDOWS\System32\imapi.exe
Indexing Service = E:\WINDOWS\system32\cisvc.exe
iPod Service = "E:\Program Files\iPod\bin\iPodService.exe"
Logical Disk Manager Administrative Service = E:\WINDOWS\System32\dmadmin.exe /com
Messenger Sharing Folders USN Journal Reader service = "E:\Program Files\MSN Messenger\usnsvc.exe"
MS Software Shadow Copy Provider = E:\WINDOWS\System32\dllhost.exe /Processid:{875F01BA-730E-4D77-B30C-E641A1987204}
Net Logon = E:\WINDOWS\System32\lsass.exe
NetMeeting Remote Desktop Sharing = E:\WINDOWS\System32\mnmsrvc.exe
Network Connections = E:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = E:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = E:\WINDOWS\System32\lsass.exe
Performance Logs and Alerts = E:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = E:\WINDOWS\System32\rsvp.exe
Remote Access Auto Connection Manager = E:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager = E:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = E:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = E:\WINDOWS\System32\locator.exe
Removable Storage = E:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = E:\WINDOWS\System32\SCardSvr.exe
SSDP Discovery Service = E:\WINDOWS\System32\svchost.exe -k LocalService
Telephony = E:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet = E:\WINDOWS\System32\tlntsvr.exe
Terminal Services = E:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = E:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = E:\WINDOWS\System32\svchost.exe -k LocalService
Volume Shadow Copy = E:\WINDOWS\System32\vssvc.exe
Windows CardSpace = "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Windows Driver Foundation - User-mode Driver Framework = E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Windows Installer = E:\WINDOWS\system32\msiexec.exe /V
Windows Management Instrumentation Driver Extensions = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service = "E:\Program Files\Windows Media Player\WMPNetwk.exe"
Windows Presentation Foundation Font Cache 3.0.0.0 = E:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
WMI Performance Adapter = E:\WINDOWS\System32\wbem\wmiapsrv.exe

* Stopped & disabled (7) *
Alerter = E:\WINDOWS\System32\svchost.exe -k LocalService
ClipBook = E:\WINDOWS\system32\clipsrv.exe
Messenger = E:\WINDOWS\System32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service = "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Network DDE = E:\WINDOWS\system32\netdde.exe
Network DDE DSDM = E:\WINDOWS\system32\netdde.exe
Routing and Remote Access = E:\WINDOWS\System32\svchost.exe -k netsvcs


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
AntiVirusDisableNotify = dword: 0
FirewallDisableNotify = dword: 0
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome



==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = E:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = E:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (49)]
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## = "E:\Program Files\Bonjour\mDNSResponder.exe"
Apple Mobile Device = "E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
a-squared Anti-Malware Service = "E:\Program Files\a-squared Anti-Malware\a2service.exe"
Automatic Updates = E:\WINDOWS\system32\svchost.exm -k netsvcs
avast! Antivirus = "E:\Program Files\Alwil Software\Avast4\ashServ.exe"
avast! iAVS4 Control Service = "E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
AVG Anti-Spyware Guard = E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Computer Browser = E:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = E:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = E:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = E:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = E:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = E:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = E:\WINDOWS\system32\services.exe
Help and Support = E:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = E:\WINDOWS\System32\lsass.exe
Logical Disk Manager = E:\WINDOWS\System32\svchost.exe -k netsvcs
LVCOMSer = "E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"
LVSrvLauncher = E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
nTune Service = E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService
NVIDIA Display Driver Service = E:\WINDOWS\system32\nvsvc32.exe
PC Tools Auxiliary Service = E:\Program Files\Spyware Doctor\svcntaux.exe
PC Tools Security Service = E:\Program Files\Spyware Doctor\swdsvc.exe
Plug and Play = E:\WINDOWS\system32\services.exe
Print Spooler = E:\WINDOWS\system32\spoolsv.exe
Process Monitor = "E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
Protected Storage = E:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = E:\WINDOWS\system32\svchost -k rpcss
Remote Registry = E:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = E:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = E:\WINDOWS\system32\lsass.exe
Security Center = E:\WINDOWS\System32\svchost.exe -k netsvcs
Server = E:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = E:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = E:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = E:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = E:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = E:\WINDOWS\System32\svchost.exe -k LocalService
Themes = E:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = E:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = E:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Management Instrumentation = E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = E:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = E:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = E:\WINDOWS\System32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
AVG Anti-Spyware Guard
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
AVG Anti-Spyware Guard
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Imaging devices *
- Lower filters
LVUSBSta.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Medium Changers *
- Upper filters
GEARAspiWDM.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Upper filters
GEARAspiWDM.sys



[Device filters]
* AMD ACPI-Compliant System *
- Lower filters
AmdAcpi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Microsoft Wireless Laser Mouse 8000 (IntelliPoint) *
- Upper filters
Point32.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Razer Tarantula USB Keyboard *
- Lower filters
TarFltr.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = E:\WINDOWS\system32\ntvdm.exe
wowcmdline = E:\WINDOWS\system32\ntvdm.exe -a E:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 194,073 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.

Edited by legolad, 23 October 2007 - 12:05 AM.



#2 legolad

legolad
  • Topic Starter


Posted 23 October 2007 - 12:09 AM

COMBOFIX LOG

ComboFix 07-10-23.1 - Legolad_g 2007-10-22 19:32:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1568 [GMT -4:00]
Running from: C:\SOFTWARE\APPs\regmechanic\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
E:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
E:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
E:\Documents and Settings\Legolad_g\Application Data\inst.exe
E:\Documents and Settings\Legolad_g\Desktop\Live Safety Center.lnk
E:\Documents and Settings\Legolad_g\Desktop\Online Security Guide.lnk
E:\Documents and Settings\Legolad_g\Favorites\Online Security Guide.lnk
E:\WINDOWS\cookies.ini
E:\WINDOWS\system32\ututv.bak1
E:\WINDOWS\system32\ututv.bak2
E:\WINDOWS\system32\ututv.ini
E:\WINDOWS\system32\ututv.ini2
E:\WINDOWS\system32\ututv.tmp
E:\WINDOWS\system32\vwknqfex.dll
E:\WINDOWS\system32\xefqnkwv.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.

2007-10-22 19:32 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-22 19:17 <DIR> d-------- E:\VundoFix Backups
2007-10-22 17:53 102,664 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-22 17:51 <DIR> d-------- E:\Documents and Settings\Legolad_g\.housecall6.6
2007-10-22 17:21 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
2007-10-22 17:21 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-10-22 17:21 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-10-22 17:21 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-10-22 17:21 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2007-10-22 16:03 <DIR> d-------- E:\Documents and Settings\Legolad_g\Application Data\Grisoft
2007-10-22 16:03 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-22 15:48 4,616 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-22 13:38 <DIR> d-------- E:\Program Files\a-squared Anti-Malware
2007-10-22 09:49 <DIR> d-------- E:\Program Files\Spyware Doctor
2007-10-22 09:49 <DIR> d-------- E:\Documents and Settings\Legolad_g\Application Data\PC Tools
2007-10-22 09:49 626,688 --a------ E:\WINDOWS\system32\msvcr80.dll
2007-10-22 09:49 79,688 --a------ E:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-22 09:49 62,280 --a------ E:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-22 09:49 41,288 --a------ E:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-22 09:49 29,000 --a------ E:\WINDOWS\system32\drivers\kcom.sys
2007-10-20 18:38 <DIR> d-------- E:\Program Files\Bonjour
2007-10-20 18:31 <DIR> d-------- E:\Program Files\Common Files\Macrovision Shared
2007-10-20 18:19 <DIR> d-------- E:\Program Files\MagicISO
2007-10-20 15:16 <DIR> d-------- E:\Documents and Settings\Legolad_g\.thumbnails
2007-10-20 15:14 <DIR> d-------- E:\Documents and Settings\Legolad_g\Application Data\gtk-2.0
2007-10-20 15:14 <DIR> d-------- E:\Documents and Settings\Legolad_g\.gimp-2.2
2007-10-20 15:13 <DIR> d-------- E:\Program Files\GIMP-2.0
2007-10-20 15:11 <DIR> d-------- E:\Program Files\Common Files\GTK
2007-10-20 14:56 <DIR> d-------- E:\Program Files\GIMPex
2007-10-11 20:23 <DIR> d-------- E:\Program Files\Valve
2007-10-11 18:56 <DIR> d-------- E:\Program Files\Steam
2007-10-03 14:48 <DIR> d-------- E:\Program Files\iTunes
2007-10-03 14:48 <DIR> d-------- E:\Program Files\iPod
2007-09-30 13:25 <DIR> d-------- E:\Program Files\MediaMonkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 00:09 --------- d-----w E:\Program Files\Microsoft IntelliPoint
2007-10-20 23:19 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\uTorrent
2007-10-20 22:38 --------- d-----w E:\Program Files\Common Files\Adobe
2007-10-15 23:51 --------- d-----w E:\Program Files\World of Warcraft
2007-10-07 20:48 --------- d-----w E:\Program Files\Java
2007-10-06 03:04 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\Bioshock
2007-10-05 02:55 --------- d-----w E:\Program Files\Logitech
2007-10-05 02:55 --------- d-----w E:\Program Files\Common Files\logishrd
2007-09-28 01:46 --------- d-----w E:\Program Files\ACD Systems
2007-09-27 15:14 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\Apple Computer
2007-09-23 19:00 --------- d-----w E:\Program Files\Apple Software Update
2007-09-10 23:22 --------- d-----w E:\Program Files\microsoft frontpage
2007-09-10 23:22 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\Microsoft Web Folders
2007-09-06 10:05 94,416 ----a-w E:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w E:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w E:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w E:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w E:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 22:15 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment
2007-09-02 17:14 --------- d-----w E:\Program Files\NVIDIA Corporation
2007-09-02 17:08 --------- d-----w E:\Program Files\Common Files\InstallShield
2007-08-31 01:20 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-08-31 01:20 --------- d-----w E:\Program Files\LucasArts
2007-08-31 01:17 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\Vso
2007-08-31 01:04 94,208 ----a-w E:\WINDOWS\system32\drivers\ezplay.sys
2007-08-31 01:04 94,208 ----a-w E:\Documents and Settings\Legolad_g\Application Data\ezplay.sys
2007-08-31 01:04 47,360 ----a-w E:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-31 01:04 47,360 ----a-w E:\Documents and Settings\Legolad_g\Application Data\pcouffin.sys
2007-08-31 01:04 --------- d-----w E:\Program Files\VSO
2007-08-31 00:35 --------- d-----w E:\Program Files\CDBurnerXP Pro 3
2007-08-31 00:33 --------- d-----w E:\Documents and Settings\Legolad_g\Application Data\DeepBurner
2007-08-31 00:31 --------- d-----w E:\Program Files\Astonsoft
2007-08-26 03:45 --------- d-----w E:\Program Files\MSN Messenger
2007-08-24 17:16 --------- d-----w E:\Program Files\uTorrent
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232D2677-68EE-4FA1-B988-279EBC8969ED}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 E:\WINDOWS\system32\HdAShCut.exe]
"IntelliPoint"="E:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"amd_dc_opt"="E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 E:\WINDOWS\SkyTel.exe]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"nwiz"="nwiz.exe" [2007-08-17 16:23 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-08-17 16:23]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"LogitechCommunicationsManager"="E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="E:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:31]
"IMEKRMIG6.1"="E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 08:00]
"MSPY2002"="E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 01:31]
"PHIME2002ASync"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32]
"PHIME2002A"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32]
"SDTray"="E:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"RegistryMechanic"="E:\Program Files\Registry Mechanic\regmech.exe" [2007-09-20 17:10]
"a-squared"="E:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
"!AVG Anti-Spyware"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"MsnMsgr"="E:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"NVIDIA nTune"="E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"Steam"="e:\program files\steam\steam.exe" [2007-10-11 18:57]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gijrrbkv]
gijrrbkv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjghh]
jkkjghh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 AmdAcpi;AmdAcpi Bus Filter Driver;E:\WINDOWS\system32\DRIVERS\AmdAcpi.sys
R3 AmdLLD;AMD Low Level Device Driver;E:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 amdtools;AMD Special Tools Driver;E:\WINDOWS\system32\DRIVERS\AmdTools.sys
R3 TarFltr;Razer Tarantula USB Keyboard;E:\WINDOWS\system32\Drivers\UsbFltr.sys
S3 AMDPCI;AMDPCI;\??\E:\DOCUME~1\LEGOLA~1\LOCALS~1\Temp\AMDPCI.sys
S3 cpuz;cpuz;\??\C:\SOFTWARE\APPs\Everest Diag\Other Diagnostic tool\A64 Yweaker\cpuz.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 15:13:03 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 20:26:04
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-23 20:28:39 - machine was rebooted
.
--- E O F ---






A-SQUARED ANTI-MALWARE LOG
a-squared Anti-Malware - Version 3.0
Last update: 10/22/2007 3:01:23 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, E:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 10/22/2007 3:01:31 PM

Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:101 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:102 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:103 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:124 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:135 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:145 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:146 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:173 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:245 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:485 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:530 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:531 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:647 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:650 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:654 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:655 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:656 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:657 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:658 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:659 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:660 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:661 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:662 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:663 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:664 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:665 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:666 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:667 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:668 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:669 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:670 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:671 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:672 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:673 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:674 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:675 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:676 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:677 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:678 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:679 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:680 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:681 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:682 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:683 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:684 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:685 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:686 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:687 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:688 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:689 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:690 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:691 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:692 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:693 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:694 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:695 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:696 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:697 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:698 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:699 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:700 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:800 detected: Trace.TrackingCookie
E:\Documents and Settings\Legolad_g\Application Data\Mozilla\Firefox\Profiles\bnuq233c.default\cookies.txt:801 detected: Trace.TrackingCookie
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r00/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r01/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r02/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r03/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r04/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r05/dv-htmf.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r00/dv-htuw.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r01/dv-htuw.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r02/dv-htuw.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r03/dv-htuw.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r04/dv-htuw.bin detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Drumkits\Mpc-Samples West-Coast Drums for MPC4000-ViH\v-mswcod.r00/v-mswcod.iso detected: Heuristic.ArchiveBomb
C:\MUSIC\loops n stuff\Sample Fusion - Killer Tweaks II\samples.part01.rar/Sys-100 Clickbass_G1.wav detected: Heuristic.ArchiveBomb

Scanned

Files: 83918
Traces: 336700
Cookies: 942
Processes: 42

Found

Files: 13
Traces: 10
Cookies: 63
Processes: 0
Registry keys: 0

Scan end: 10/22/2007 3:30:00 PM
Scan time: 12:28:29 AM

#3 legolad

legolad
  • Topic Starter


Posted 23 October 2007 - 12:16 AM

VUNDOFIX LOG

VundoFix V6.5.10

Checking Java version...

Scan started at 7:17:38 PM 10/22/2007

Listing files found while scanning....

E:\WINDOWS\system32\gijrrbkv.dll

Beginning removal...

Attempting to delete E:\WINDOWS\system32\gijrrbkv.dll
E:\WINDOWS\system32\gijrrbkv.dll Has been deleted!

Performing Repairs to the registry.
Done!





SMITFRAUDFIX LOG #1

SmitFraudFix v2.240

Scan done at 17:22:23.45, Mon 10/22/2007
Run from C:\SOFTWARE\APPs\regmechanic\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Spyware Doctor\swdsvc.exe
E:\WINDOWS\system32\taskmgr.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\WINDOWS\explorer.exe

hosts


E:\


E:\WINDOWS


E:\WINDOWS\system


E:\WINDOWS\Web


E:\WINDOWS\system32


E:\WINDOWS\system32\LogFiles


E:\Documents and Settings\Legolad_g


E:\Documents and Settings\Legolad_g\Application Data


Start Menu


E:\DOCUME~1\LEGOLA~1\FAVORI~1


Desktop


E:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End







SMITFRAUDFIX LOG #2
SmitFraudFix v2.240

Scan done at 17:12:10.43, Mon 10/22/2007
Run from C:\SOFTWARE\APPs\regmechanic\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Spyware Doctor\svcntaux.exe
E:\Program Files\Spyware Doctor\swdsvc.exe
E:\Program Files\Spyware Doctor\SDTrayApp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe

hosts


E:\


E:\WINDOWS


E:\WINDOWS\system


E:\WINDOWS\Web


E:\WINDOWS\system32


E:\WINDOWS\system32\LogFiles


E:\Documents and Settings\Legolad_g


E:\Documents and Settings\Legolad_g\Application Data


Start Menu


E:\DOCUME~1\LEGOLA~1\FAVORI~1


Desktop


E:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End








SMITFRAUDFIX LOG #3
SmitFraudFix v2.240

Scan done at 17:14:06.59, Mon 10/22/2007
Run from C:\SOFTWARE\APPs\regmechanic\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{33545510-CE66-4244-A65D-13041999B094}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:57 PM

Posted 23 October 2007 - 01:01 PM

Hello legolad,

Welcome to Bleeping Computer :thumbsup:

Delete all those tools:

Smitfraudfix
Combofix, and its accompanying folder C:\Qoobox
Vundofix


Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O20 - Winlogon Notify: gijrrbkv - gijrrbkv.dll (file missing)
O20 - Winlogon Notify: jkkjghh - jkkjghh.dll (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\system32\svchost.exm.exe (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Are your other scans coming up clean now? How is it running? Please post a new Hijackthis log in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#5 legolad


Posted 23 October 2007 - 02:41 PM

Excellent. Thank you, sir or madam Teacup.

I am getting a number of Registry Mechanic warnings about missing shortcuts, etc., when I reboot, but no further trojans, malware, spyware, black doors, etc.

All three of those entries were in the HijackThis scan. I selected all three, made sure no other apps were running, then clicked "Fix Checked". I rebooted and re-scanned and all three are still there. Perhaps I need to do this in Safe Mode?

Here's the new HijackThis scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:21 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\QuickTime\QTTask.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Logitech\QuickCam\Quickcam.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\program files\steam\steam.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\a-squared Anti-Malware\a2service.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\regmech.exe /S
O4 - HKLM\..\Run: [a-squared] "E:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.99.16.69/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176335842061
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176335986092
O20 - Winlogon Notify: gijrrbkv - E:\WINDOWS\
O20 - Winlogon Notify: jkkjghh - E:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - E:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\system32\svchost.exm.exe (file missing)

--
End of file - 9089 bytes
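
The check from posts #4 and #5 as code, added here and not part of the original thread: it matches the entries selected for "Fix checked" against a later HijackThis scan by section and entry name, so a leftover is recognised even when the text after the name changes between scans. The function names and the leftover heuristics are assumptions; the sample lines are copied from the logs in posts #4 and #5.

```python
import re

# Entries the helper listed for "Fix checked" (copied from post #4).
FIX_LIST = r"""
O20 - Winlogon Notify: gijrrbkv - gijrrbkv.dll (file missing)
O20 - Winlogon Notify: jkkjghh - jkkjghh.dll (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\system32\svchost.exm.exe (file missing)
"""

# Excerpt of the follow-up scan (lines copied from the log in post #5).
NEW_SCAN = r"""
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: gijrrbkv - E:\WINDOWS\
O20 - Winlogon Notify: jkkjghh - E:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\system32\svchost.exm.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Per-section pattern that extracts the stable name of an entry; the text
# after it (path, "(file missing)") can change between two scans.
NAME = {
    "O20": re.compile(r"^Winlogon Notify: (?P<name>.+?) - "),
    "O23": re.compile(r"^Service: (?P<name>.+?) - "),
}

def entry_key(line):
    """Return (section, name) for a log line, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    n = NAME[code].match(body) if code in NAME else None
    return (code, n["name"] if n else body)

def keys(log):
    """Set of (section, name) keys for every entry line in a log."""
    return {k for k in map(entry_key, log.splitlines()) if k}

def survivors(fix_list, new_scan):
    """Entries that were selected for fixing but still appear in the new scan."""
    wanted = keys(fix_list)
    return [l.strip() for l in new_scan.splitlines() if entry_key(l) in wanted]

def orphan_reasons(line):
    """Why an entry looks like a leftover of a removed file (assumed heuristics)."""
    key, reasons = entry_key(line), []
    if key is None:
        return reasons
    if "(file missing)" in line:
        reasons.append("target file missing")
    if key[0] == "O23" and " - Unknown owner - " in line:
        reasons.append("service binary has no owner information")
    if key[0] == "O20" and not line.strip().lower().endswith((".dll", "(file missing)")):
        reasons.append("notify entry does not point at a DLL")
    return reasons

if __name__ == "__main__":
    for line in survivors(FIX_LIST, NEW_SCAN):
        print("STILL PRESENT:", line, "|", "; ".join(orphan_reasons(line)))
```
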

#6 teacup61


Posted 23 October 2007 - 03:20 PM

Hello,

Disable Tea Timer and try it again. ;)

tea

#7 teacup61


Posted 05 November 2007 - 03:57 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.