iexplore.exe executing at startup and suspected malware in HJT scan


  • This topic is locked
20 replies to this topic

#1 blueviper

Posted 17 January 2009 - 10:15 AM

I've checked autoruns and there is no mention of iexplore.exe in there at all. Also, no window pops up, it's just the process that is running and usually uses up a lot of system resources.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Jake at 10:13:56.67 on Sat 01/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jake\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:80
mSearchAssistant = hxxp://www.google.com
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {CAFB2180-BA09-11DC-95FF-0800200C9A66} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mExplorerRun: [ati2sgav] "c:\windows\system32\ati2sgav.exe"
StartupFolder: c:\docume~1\jake\startm~1\programs\startup\autoru~1\dropbox.lnk - c:\program files\dropbox\dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: jpmorgan.com\mcpuk1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jake\applic~1\mozilla\firefox\profiles\9uaj01hq.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\jake\application data\mozilla\firefox\profiles\9uaj01hq.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_550_12415;Juniper Networks TDI Filter Driver (NEOFLTR_550_12415);c:\windows\system32\drivers\NEOFLTR_550_12415.sys [2007-12-7 63008]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-1-28 3768]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-1-28 11596]
R4 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2008-1-28 21276]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-6-6 42512]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-19 184320]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-01-15 15:54 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-15 15:35 <DIR> --d----- c:\program files\EA Games
2009-01-14 20:30 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 14:20 1,908 a------- c:\windows\diagwrn.xml
2009-01-12 14:20 1,908 a------- c:\windows\diagerr.xml
2009-01-11 17:56 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-01-11 17:56 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-01-11 17:56 <DIR> --d----- c:\program files\Cheat Engine
2009-01-06 17:38 <DIR> --d----- c:\program files\Fix-it-up - Kates Adventure
2009-01-03 17:39 <DIR> --d----- c:\documents and settings\jake\workspace
2008-12-27 20:16 <DIR> --d----- c:\documents and settings\jake\.netbeans-derby
2008-12-27 20:12 <DIR> --d----- c:\documents and settings\jake\.netbeans
2008-12-27 20:12 <DIR> --d----- c:\documents and settings\jake\.netbeans-registration
2008-12-27 20:11 <DIR> --d----- c:\program files\NetBeans 6.5
2008-12-27 20:10 <DIR> --d----- c:\documents and settings\jake\.nbi
2008-12-26 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2008-12-26 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Channel4
2008-12-26 20:31 <DIR> --d----- c:\windows\system32\syncdb
2008-12-25 13:11 <DIR> --d----- c:\windows\Top Chef
2008-12-25 11:56 <DIR> --d----- c:\program files\common files\ODBC
2008-12-24 23:53 30,120 a------- c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
2008-12-24 23:53 30,120 a------- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
2008-12-24 23:53 11,564 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
2008-12-24 23:53 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
2008-12-24 20:41 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
2008-12-24 19:40 7,062 a------- c:\windows\system32\audiopid.vxd
2008-12-21 19:54 <DIR> --d----- c:\windows\system32\Defaults
2008-12-21 19:54 4,174,814 -------- c:\windows\system32\CT4MGM.SF2
2008-12-21 19:51 <DIR> --d----- c:\program files\Creative
2008-12-21 11:40 <DIR> --d----- c:\docume~1\jake\applic~1\DAEMON Tools Pro
2008-12-21 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-21 11:39 <DIR> --d----- c:\docume~1\jake\applic~1\DAEMON Tools Lite

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 09:04 38,344 a------- c:\windows\system32\drivers\CO_Mon.sys
2008-12-24 20:40 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-12-24 20:40 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-07 09:19 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-05 22:12 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2008-10-28 17:55 239,863 a------- c:\windows\system32\ati2sgav.exe
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-22 19:21 22,328 a------- c:\docume~1\jake\applic~1\PnkBstrK.sys
2008-04-15 15:51 87,608 a------- c:\docume~1\jake\applic~1\inst.exe
2008-04-15 15:51 47,360 a------- c:\docume~1\jake\applic~1\pcouffin.sys
2008-01-28 19:49 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-07-05 05:33 472,000 a------- c:\windows\inf\wg311t\WG311T13.sys
2006-04-25 17:30 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE
2006-04-25 17:30 26,112 a------- c:\windows\inf\wg311t\install.exe
2008-05-11 10:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051120080512\index.dat

============= FINISH: 10:14:07.18 ===============

Edited by blueviper, 17 January 2009 - 10:16 AM.



#2 Hoov


Posted 29 January 2009 - 11:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 blueviper


Posted 30 January 2009 - 04:25 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1709
Windows 5.1.2600 Service Pack 3

1/30/2009 4:15:50 PM
mbam-log-2009-01-30 (16-15-50).txt

Scan type: Full Scan (C:\|Z:\|)
Objects scanned: 239714
Time elapsed: 1 hour(s), 43 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_09-01-19.01) - NTFSx86
Run by Jake at 16:18:07.90 on Fri 01/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1230 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\TextPad 5\TextPad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jake\Desktop\DOWNLOADS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:80
mSearchAssistant = hxxp://www.google.com
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {CAFB2180-BA09-11DC-95FF-0800200C9A66} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mExplorerRun: [ati2sgav] "c:\windows\system32\ati2sgav.exe"
StartupFolder: c:\docume~1\jake\startm~1\programs\startup\autoru~1\dropbox.lnk - c:\program files\dropbox\dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: jpmorgan.com\mcpuk1
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/webvpn-amer/winxp/AXXPEE.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219198089453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jake\applic~1\mozilla\firefox\profiles\9uaj01hq.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\jake\application data\mozilla\firefox\profiles\9uaj01hq.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_550_12415;Juniper Networks TDI Filter Driver (NEOFLTR_550_12415);c:\windows\system32\drivers\NEOFLTR_550_12415.sys [2007-12-7 63008]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-1-28 3768]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-1-28 11596]
R4 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2008-1-28 21276]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-6-6 42512]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-19 184320]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-01-28 19:38 <DIR> --d----- C:\NVIDIA
2009-01-25 22:01 203,976 a------- c:\windows\system32\RichTx32.ocx
2009-01-25 22:01 101,888 a------- c:\windows\system32\Vb6stkit.dll
2009-01-25 22:01 89,360 a------- c:\windows\system32\Vb5db.dll
2009-01-25 22:01 <DIR> --d----- c:\program files\Bullfighter
2009-01-19 22:11 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
2009-01-19 18:14 <DIR> --d----- c:\program files\twhirl
2009-01-19 10:37 102,439 a------- c:\windows\system32\sipr3260.dll
2009-01-18 11:44 <DIR> --d----- c:\program files\DeductionPro 2008
2009-01-18 11:38 <DIR> --d----- c:\program files\TaxCut08
2009-01-15 15:54 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-15 15:35 <DIR> --d----- c:\program files\EA Games
2009-01-15 08:19 1,253,376 a------- c:\windows\system32\NvPVEnc.ax
2009-01-14 20:30 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 14:20 1,908 a------- c:\windows\diagwrn.xml
2009-01-12 14:20 1,908 a------- c:\windows\diagerr.xml
2009-01-11 17:56 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-01-11 17:56 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-01-11 17:56 <DIR> --d----- c:\program files\Cheat Engine
2009-01-06 17:38 <DIR> --d----- c:\program files\Fix-it-up - Kates Adventure
2009-01-03 17:39 <DIR> --d----- c:\documents and settings\jake\workspace

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 11:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-07 09:04 38,344 a------- c:\windows\system32\drivers\CO_Mon.sys
2008-12-24 20:40 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-12-24 20:40 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-10 09:45 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-12-07 09:19 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-05 22:12 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2008-12-04 09:28 24,344 a------- c:\windows\system32\PhysXDevice.dll
2008-10-22 19:21 22,328 a------- c:\docume~1\jake\applic~1\PnkBstrK.sys
2008-04-15 15:51 87,608 a------- c:\docume~1\jake\applic~1\inst.exe
2008-04-15 15:51 47,360 a------- c:\docume~1\jake\applic~1\pcouffin.sys
2008-01-28 19:49 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-07-05 05:33 472,000 a------- c:\windows\inf\wg311t\WG311T13.sys
2006-04-25 17:30 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE
2006-04-25 17:30 26,112 a------- c:\windows\inf\wg311t\install.exe
2008-05-11 10:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051120080512\index.dat

============= FINISH: 16:18:38.03 ===============

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 30 January 2009 - 07:44 PM

Question, isn't Dropshots an online service? Dropbox is part of that, correct? But isn't it still an online service? Does it use IE?

StartupFolder: c:\docume~1\jake\startm~1\programs\startup\autoru~1\dropbox.lnk - c:\program files\dropbox\dropbox.exe

If I am wrong, could you attach an autoruns log?

Edited by Hoov, 30 January 2009 - 07:45 PM.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

#5 blueviper

blueviper
  • Topic Starter

  • Members
  • 11 posts

Posted 30 January 2009 - 08:47 PM

Dropbox is and has been uninstalled from my system for months. I guess the uninstaller missed that autorun shortcut but there is no longer a "c:\program files\dropbox\" on my computer. I think that dropbox hooks into the explorer similar to opening an ftp server through explorer but it has been such a long time that I can't remember exactly. I've deleted the shortcut referenced in your post as it isn't needed.

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 30 January 2009 - 09:18 PM

Try rebooting your computer to see if the problem is gone. If the autorun shortcut was there, it may have been just enough to trigger IE and confuse it. If it still does it, give me the autoruns log.

#7 blueviper

blueviper
  • Topic Starter

  • Members
  • 11 posts

Posted 31 January 2009 - 10:00 AM

After turning on my computer this morning and checking, iexplorer is still starting up. Attached is the autoruns log.

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 31 January 2009 - 12:43 PM

A couple of questions: first, is Skype set to start and connect at startup? If it is, try setting it so connection has to be done manually. Also look in Lavasoft AdAware and see if there is any infection set to delete on reboot. If there is, let me know.

If neither one of those pan out, I need you to go to the control panel, then to the Admin tools, and run the event viewer. Look in all of the logs and see if there is any warning entry (red circle with an exclamation mark) for IE or any other program that happens at startup. If there are none of these then

Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim

#9 blueviper

blueviper
  • Topic Starter

  • Members
  • 11 posts

Posted 31 January 2009 - 10:04 PM

Skype isn't set up to run at startup. Adaware found no malware. There were no warnings on the event viewer that happen during startup.

RunScanner log attached.

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 31 January 2009 - 10:53 PM

This log is going to take a while to go thru, there is a ton of info in it. So I probably won't get a response to you until the morning.

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 31 January 2009 - 11:45 PM

Have you run combofix on this system? Also can you tell me what kind of drive your F: drive is? Also does speedrunner sound familiar?

And would you Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

#12 blueviper

blueviper
  • Topic Starter

  • Members
  • 11 posts

Posted 01 February 2009 - 10:24 PM

I don't think that I've ever run combofix on this computer. F: was at one point a CD drive before I remapped all the drives on my computer. Speedrunner does sound familiar and after I searched on google I remembered that spybot s&d came up with an entry or 2 for it about a month or so ago.


SDFix: Version 1.240
Run by Jake on Sun 02/01/2009 at 09:58 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 22:09:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,df,9b,d7,df,46,13,16,b0,65,47,7b,b0,13,ac,bf,fe,dc,c3,fc,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:e2,cb,3c,96,87,0a,ae,44,79,87,ac,f2,b3,11,29,6c,89,1a,50,c4,9a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:2e,1c,eb,c0,6c,b9,e2,25,96,32,f1,f8,3e,f3,24,f5,b9,60,37,d0,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,70,1c,06,e7,fa,d1,68,9d,ea,c7,87,86,2e,db,10,d8,42,07,f7,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b8,e2,eb,3b,e6,f0,ba,cb,4e,23,b6,19,24,6d,57,78,c1,73,b4,14,7e,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,df,9b,d7,df,46,13,16,b0,65,47,7b,b0,13,ac,bf,fe,dc,c3,fc,fc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:e2,cb,3c,96,87,0a,ae,44,79,87,ac,f2,b3,11,29,6c,89,1a,50,c4,9a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:2e,1c,eb,c0,6c,b9,e2,25,96,32,f1,f8,3e,f3,24,f5,b9,60,37,d0,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,70,1c,06,e7,fa,d1,68,9d,ea,c7,87,86,2e,db,10,d8,42,07,f7,52,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\CCP\\EVE TEST SERVER\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE TEST SERVER\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\hub.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\hub.exe:*:Enabled:hub"
"C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\lightwav.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\lightwav.exe:*:Enabled:lightwav"
"C:\\Program Files\\IDA\\idag.exe"="C:\\Program Files\\IDA\\idag.exe:*:Enabled:Interactive Disassembler (32-bit)"
"C:\\Program Files\\IDA\\idag64.exe"="C:\\Program Files\\IDA\\idag64.exe:*:Enabled:Interactive Disassembler (64-bit)"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Pollux Gamelabs\\Lost Empire - Immortals\\LostEmpire.exe"="C:\\Program Files\\Pollux Gamelabs\\Lost Empire - Immortals\\LostEmpire.exe:*:Enabled:Lost Empire - Immortals"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm"="C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm:Enabled:GameExe2"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe"="C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\\Program Files\\Steam\\steamapps\\jojoyohan\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\jojoyohan\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Rohan\\rohanclient.exe"="C:\\Program Files\\Rohan\\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Combat Arms\\CombatArms.exe"="C:\\Program Files\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Program Files\\Combat Arms\\Engine.exe"="C:\\Program Files\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Program Files\\Combat Arms\\NMService.exe"="C:\\Program Files\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"="C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"="C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Disabled:EA Download Manager"
"C:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Curse\\CurseClient.exe"="C:\\Program Files\\Curse\\CurseClient.exe:*:Enabled:Curse Client"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Jake\\Local Settings\\Temp\\Blizzard Launcher Temporary - 111c0018\\Launcher.exe"="C:\\Documents and Settings\\Jake\\Local Settings\\Temp\\Blizzard Launcher Temporary - 111c0018\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Combat Arms\\CombatArms.exe"="C:\\Program Files\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Program Files\\Combat Arms\\Engine.exe"="C:\\Program Files\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

Remaining Files :



Files with Hidden Attributes :

Tue 4 Mar 2008 24 A.SH. --- "C:\WINDOWS\S263800C8.tmp"
Sun 13 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 28 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 6 Oct 2008 18,567 A..H. --- "C:\Documents and Settings\Jake\Desktop\backup\~WRL1583.tmp"
Fri 7 Dec 2007 32,838 ..SHR --- "C:\Documents and Settings\Jake\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"

Finished!

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 01 February 2009 - 11:39 PM

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

And then run StartupList and attach the log.

#14 blueviper

blueviper
  • Topic Starter

  • Members
  • 11 posts

Posted 02 February 2009 - 03:51 PM

ComboFix 09-02-02.03 - Jake 2009-02-02 15:24:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1579 [GMT -5:00]
Running from: c:\documents and settings\Jake\Desktop\DOWNLOADS\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jake\Application Data\.#
c:\documents and settings\Jake\Application Data\.#\MBX@210@363280.###
c:\documents and settings\Jake\Application Data\.#\MBX@720@903280.###
c:\documents and settings\Jake\Application Data\.#\MBX@BD0@363280.###
c:\documents and settings\Jake\Application Data\.#\MBX@C70@903280.###
c:\documents and settings\Jake\Application Data\.#\MBX@E10@363280.###
c:\documents and settings\Jake\Application Data\.#\MBX@E60@903280.###
c:\documents and settings\Jake\Application Data\inst.exe
c:\documents and settings\Jake\Application Data\SMBOLS~1
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\racle~1
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tmp28.tmp
c:\windows\system32\tmp29.tmp
c:\windows\system32\tmp82.tmp
c:\windows\system32\tmp83.tmp
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-02-01 21:57 . 2009-02-01 21:57 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-01 19:41 . 2009-02-01 22:12 <DIR> d-------- C:\SDFix
2009-01-30 16:48 . 2009-01-30 16:49 <DIR> d-------- c:\program files\County Fair
2009-01-28 19:38 . 2009-01-28 19:38 <DIR> d-------- C:\NVIDIA
2009-01-25 22:01 . 2009-01-25 22:06 <DIR> d-------- c:\program files\Bullfighter
2009-01-25 22:01 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RichTx32.ocx
2009-01-25 22:01 . 1999-03-25 18:00 101,888 --a------ c:\windows\system32\Vb6stkit.dll
2009-01-25 22:01 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\Vb5db.dll
2009-01-19 22:11 . 2009-02-02 15:15 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
2009-01-19 18:14 . 2009-01-19 18:14 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-19 10:37 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-01-18 11:44 . 2009-01-31 14:36 <DIR> d-------- c:\program files\DeductionPro 2008
2009-01-18 11:38 . 2009-01-18 11:39 <DIR> d-------- c:\program files\TaxCut08
2009-01-15 15:54 . 2009-01-15 15:54 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-14 20:30 . 2009-01-14 20:30 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 14:20 . 2009-01-12 14:21 1,908 --a------ c:\windows\diagwrn.xml
2009-01-12 14:20 . 2009-01-12 14:21 1,908 --a------ c:\windows\diagerr.xml
2009-01-11 17:56 . 2009-01-24 19:49 <DIR> d-------- c:\program files\Cheat Engine
2009-01-11 17:56 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2009-01-11 17:56 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-01-11 15:31 . 2009-01-11 16:00 <DIR> d-------- c:\documents and settings\Jake\Application Data\Download Manager
2009-01-06 17:38 . 2009-01-09 19:58 <DIR> d-------- c:\program files\Fix-it-up - Kates Adventure
2009-01-03 17:39 . 2009-01-03 17:39 <DIR> d-------- c:\documents and settings\Jake\workspace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 20:25 --------- d-----w c:\documents and settings\Jake\Application Data\.purple
2009-02-02 20:16 --------- d-----w c:\documents and settings\Jake\Application Data\TeraCopy
2009-02-02 19:17 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-01 22:46 --------- d-----w c:\documents and settings\Jake\Application Data\Move Networks
2009-01-31 22:46 --------- d-----w c:\documents and settings\Jake\Application Data\Skype
2009-01-31 22:45 --------- d-----w c:\documents and settings\Jake\Application Data\skypePM
2009-01-29 00:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-29 00:39 --------- d-----w c:\program files\AGEIA Technologies
2009-01-28 18:51 --------- d-----w c:\documents and settings\Jake\Application Data\Ruckus Network
2009-01-27 20:04 --------- d-----w c:\program files\World of Warcraft
2009-01-19 22:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 15:38 --------- d-----w c:\documents and settings\Jake\Application Data\Vso
2009-01-19 15:26 --------- d-----w c:\program files\Password Safe
2009-01-18 16:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 16:40 --------- d-----w c:\documents and settings\Jake\Application Data\TaxCut
2009-01-18 16:38 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut
2009-01-15 21:05 --------- d-----w c:\program files\Steam
2009-01-15 20:33 --------- d-----w c:\documents and settings\Jake\Application Data\uTorrent
2009-01-15 13:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-01-15 01:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 02:38 --------- d-----w c:\program files\Pidgin
2009-01-14 02:37 --------- d-----w c:\program files\Common Files\GTK
2009-01-10 22:17 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-08 21:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-07 14:05 --------- d-----w c:\documents and settings\Jake\Application Data\Juniper Networks
2009-01-07 14:04 38,344 ----a-w c:\windows\system32\drivers\CO_Mon.sys
2009-01-07 14:04 --------- d-----w c:\documents and settings\Jake\Application Data\WholeSecurity
2009-01-03 21:06 --------- d-----w c:\documents and settings\Jake\Application Data\gtk-2.0
2008-12-28 01:12 --------- d-----w c:\program files\NetBeans 6.5
2008-12-27 15:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-27 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-27 02:20 --------- d-----w c:\documents and settings\All Users\Application Data\Channel4
2008-12-27 01:32 --------- d-----w c:\program files\Common Files\Adobe
2008-12-25 01:41 --------- d-----w c:\program files\Creative
2008-12-25 01:40 --------- d-----w c:\documents and settings\Jake\Application Data\Creative
2008-12-22 00:47 --------- d-----w c:\program files\QuickTime
2008-12-22 00:47 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-12-22 00:47 --------- d-----w c:\program files\Java
2008-12-22 00:47 --------- d-----w c:\program files\FlashGet
2008-12-22 00:47 --------- d-----w c:\program files\DivX
2008-12-22 00:47 --------- d-----w c:\program files\DAMN NFO Viewer
2008-12-21 16:40 --------- d-----w c:\documents and settings\Jake\Application Data\DAEMON Tools Pro
2008-12-21 16:40 --------- d-----w c:\documents and settings\Jake\Application Data\DAEMON Tools Lite
2008-12-21 16:40 --------- d-----w c:\documents and settings\Jake\Application Data\DAEMON Tools
2008-12-21 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-18 02:44 --------- d-----w c:\program files\Sun
2008-12-18 01:54 --------- d-----w c:\program files\TeraCopy
2008-12-17 23:42 --------- d-----w c:\program files\Defraggler
2008-12-17 21:02 --------- d-----w c:\documents and settings\Jake\Application Data\vlc
2008-12-14 18:21 --------- d-----w c:\documents and settings\Jake\Application Data\Songbird2
2008-12-14 18:15 --------- d-----w c:\documents and settings\Jake\Application Data\InfraRecorder
2008-12-12 00:07 --------- d-----w c:\documents and settings\Jake\Application Data\Foxit
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 03:12 215,872 ----a-w c:\windows\system32\drivers\truecrypt.sys
2008-10-23 00:21 22,328 ----a-w c:\documents and settings\Jake\Application Data\PnkBstrK.sys
2008-04-15 20:51 47,360 ----a-w c:\documents and settings\Jake\Application Data\pcouffin.sys
2008-01-29 00:49 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-11 15:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Steam\\steamapps\\jojoyohan\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"51722:TCP"= 51722:TCP:BT
"51722:UDP"= 51722:UDP:BT

R1 NEOFLTR_550_12415;Juniper Networks TDI Filter Driver (NEOFLTR_550_12415);c:\windows\system32\drivers\NEOFLTR_550_12415.sys [2007-12-07 63008]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2008-01-28 21276]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-01-28 3768]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-01-28 11596]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-19 184320]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f4e173a-96dd-11dd-8bb9-00111146e386}]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b15f8308-e45f-11dc-8a92-00111146e386}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: jpmorgan.com\mcpuk1
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/webvpn-amer/winxp/AXXPEE.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\9uaj01hq.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\9uaj01hq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 15:27:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="karna.dat"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\searchindexer.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-02 15:42:29 - machine was rebooted [Jake]
ComboFix-quarantined-files.txt 2009-02-02 20:42:27

Pre-Run: 137,730,441,216 bytes free
Post-Run: 137,603,358,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

270 --- E O F --- 2009-01-14 22:49:51



StartupList report, 2/2/2009, 3:50:46 PM
StartupList version 2.02.0
Started from: C:\DOCUME~1\Jake\LOCALS~1\Temp\7zO6.tmp\StartupList.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Logged on as 'Jake' to 'GUESTROOM'
* Using default options (see end of log for possible options)
==================================================

Running processes (36):

[C:\DOCUME~1\Jake\LOCALS~1\Temp\7zO6.tmp\StartupList.exe (43)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemdisp.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\7-Zip\7zFM.exe (46)]
C:\Program Files\7-Zip\7z.dll
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSImg32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

[C:\Program Files\Bonjour\mDNSResponder.exe (31)]
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\IPHLPAPI.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (24)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll

[C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (84)]
C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll
c:\program files\hp\digital imaging\bin\hpqmirsc.dll
C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll
c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7bc3533\mscorlib.dll
c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_fc7666e7\system.drawing.dll
c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b5d4989f\system.windows.forms.dll
c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_78da6ddd\system.xml.dll
c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0aa3e565\system.dll
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL71.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\dciman32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\KERNEL32.dll
C:\WINDOWS\system32\MFC71.DLL
C:\WINDOWS\system32\MFC71ENU.DLL
C:\WINDOWS\system32\mscoree.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (63)]
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll
C:\Program Files\HP\Digital Imaging\bin\hpodeb08.dll
C:\Program Files\HP\Digital Imaging\bin\hpodev08.dll
C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll
C:\Program Files\HP\Digital Imaging\bin\hposcn08.dll
C:\Program Files\HP\Digital Imaging\bin\hpoSCN08.rsc
C:\Program Files\HP\Digital Imaging\bin\hpoSTD08.dll
C:\Program Files\HP\Digital Imaging\bin\hpoSTD08.rsc
C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hpzidr12.dll
C:\WINDOWS\system32\hpzipr12.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\STI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (17)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\iPod\bin\iPodService.exe (29)]
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll

[C:\Program Files\iTunes\iTunesHelper.exe (51)]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
C:\Program Files\QuickTime\QTSystem\QuickTime.qts
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DCIMAN32.dll
C:\WINDOWS\system32\ddraw.dll
C:\WINDOWS\system32\DSOUND.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

[C:\Program Files\Java\jre6\bin\jqs.exe (32)]
C:\Program Files\Java\jre6\bin\MSVCR71.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcbcp.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pdh.dll
C:\WINDOWS\system32\perfdisk.dll
C:\WINDOWS\system32\perfos.dll
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\Java\jre6\bin\jusched.exe (40)]
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\Iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (38)]
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDRes.dll
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdApi.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DINPUT8.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hhctrl.ocx
C:\WINDOWS\system32\HID.DLL
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\IMM32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

[C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (31)]
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdApi.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HID.DLL
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (33)]
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDDevices\LCDExtDevMngrEmulator.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HID.DLL
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\Wtsapi32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

[C:\Program Files\Mozilla Firefox\firefox.exe (85)]
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
C:\Program Files\Mozilla Firefox\freebl3.dll
C:\Program Files\Mozilla Firefox\js3250.dll
C:\Program Files\Mozilla Firefox\MOZCRT19.dll
C:\Program Files\Mozilla Firefox\nspr4.dll
C:\Program Files\Mozilla Firefox\nss3.dll
C:\Program Files\Mozilla Firefox\nssckbi.dll
C:\Program Files\Mozilla Firefox\nssdbm3.dll
C:\Program Files\Mozilla Firefox\nssutil3.dll
C:\Program Files\Mozilla Firefox\plc4.dll
C:\Program Files\Mozilla Firefox\plds4.dll
C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
C:\Program Files\Mozilla Firefox\smime3.dll
C:\Program Files\Mozilla Firefox\softokn3.dll
C:\Program Files\Mozilla Firefox\sqlite3.dll
C:\Program Files\Mozilla Firefox\ssl3.dll
C:\Program Files\Mozilla Firefox\xpcom.dll
C:\Program Files\Mozilla Firefox\xul.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMDLG32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\mscms.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdocvw.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

[C:\Program Files\Razer\Copperhead\razerhid.exe (33)]
C:\Program Files\Razer\Copperhead\download.dll
C:\Program Files\Razer\Copperhead\ISPdll.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSImg32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\Program Files\Razer\Copperhead\razerofa.exe (13)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll

[C:\Program Files\Razer\Copperhead\razertra.exe (37)]
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
C:\Program Files\Razer\Copperhead\razerlan.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSImg32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\explorer.exe (107)]
C:\Program Files\iTunes\iTunesMiniPlayer.dll
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\BatMeter.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\dot3api.dll
C:\WINDOWS\system32\dot3dlg.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\eappcfg.dll
C:\WINDOWS\system32\eappprxy.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSImg32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\OneX.DLL
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SSDPAPI.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\acs.exe (33)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\athcfg11.dll
C:\WINDOWS\system32\athcfg11Res.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSVCIRT.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\Comctl32.dll

[C:\WINDOWS\system32\ctfmon.exe (24)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSUTB.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\CTHELPER.EXE (42)]
C:\WINDOWS\CTDCRES.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\SYSTEM32\CTDC0001.DLL
C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
C:\WINDOWS\SYSTEM32\ctosuser.dll
C:\WINDOWS\system32\ctspkhlp.dll
C:\WINDOWS\system32\DSOUND.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\KsUser.dll
C:\WINDOWS\system32\MFC42.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\SYSTEM32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll

[C:\WINDOWS\system32\HPZipm12.exe (20)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HPZidr12.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll

[C:\WINDOWS\system32\lsass.exe (57)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\notepad.exe (26)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\ctagent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

[C:\WINDOWS\system32\nvsvc32.exe (36)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\nvapi.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\RUNDLL32.EXE (28)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\nvapi.dll
C:\WINDOWS\system32\NvMcTray.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\SearchIndexer.exe (55)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\en-us\tQuery.dll.mui
C:\WINDOWS\system32\esent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\infosoft.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LangWrbk.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\Msidle.dll
C:\WINDOWS\system32\msscb.dll
C:\WINDOWS\system32\mssprxy.dll
C:\WINDOWS\system32\MSSRCH.DLL
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\perfproc.dll
C:\WINDOWS\system32\PROPSYS.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\query.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TQUERY.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\XmlLite.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\services.exe (26)]
C:\WINDOWS\AppPatch\AcAdProc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\system32\ntdll.dll

[C:\WINDOWS\system32\spoolsv.exe (61)]
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hpzlnt12.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\Iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pdf995mon.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (159)]
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
c:\windows\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\cryptdll.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\system32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\EapolQec.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\h323.tsp
c:\windows\system32\HID.DLL
C:\WINDOWS\System32\hidphone.tsp
c:\windows\system32\hidserv.dll
C:\WINDOWS\System32\hnetcfg.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\System32\ipconf.tsp
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ipnathlp.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\msi.dll
C:\WINDOWS\System32\MSIDLE.DLL
C:\WINDOWS\System32\mspatcha.dll
C:\WINDOWS\system32\msv1_0.dll
c:\windows\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\system32\NETAPI32.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\netman.dll
C:\WINDOWS\System32\NETRAP.dll
c:\windows\system32\netshell.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\POWRPROF.dll
C:\WINDOWS\System32\PSAPI.DLL
c:\windows\system32\QUtil.dll
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
C:\WINDOWS\System32\rasman.dll
c:\windows\system32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\RASQEC.DLL
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
C:\WINDOWS\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\system32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\system32\wbem\esscli.dll
C:\WINDOWS\system32\wbem\FastProx.dll
C:\WINDOWS\system32\wbem\ncprov.dll
C:\WINDOWS\system32\wbem\repdrvfs.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemcore.dll
C:\WINDOWS\system32\wbem\wbemess.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
c:\windows\system32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\winspool.drv
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\wscsvc.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\system32\wuaueng.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\WZCSAPI.DLL
c:\windows\system32\wzcsvc.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (33)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\HTTPAPI.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\strmfilt.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\w3ssl.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (38)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
c:\windows\system32\CFGMGR32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hpgwiamd.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mscms.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
c:\windows\system32\setupapi.DLL
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\wiaservc.dll
C:\WINDOWS\system32\WINMM.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (48)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\termsrv.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[C:\WINDOWS\system32\winlogon.exe (64)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\System32\dimsntfy.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

--------------------

Autostart folders:

[Startup (2)]
AutorunsDisabled
desktop.ini

[User Startup (2)]
AutorunsDisabled
desktop.ini

[Common Startup (4)]
AutorunsDisabled
desktop.ini
HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk

[User Common Startup (4)]
AutorunsDisabled
desktop.ini
HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk

--------------------

Task Scheduler jobs (1):

AppleSoftwareUpdate.job

--------------------

IniMapping values:

System NT shell = Explorer.exe

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\system32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - "C:\Program Files\TextPad 5\TextPad.exe" -s
.vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (41)]
Apple Mobile Device = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Atheros Configuration Service = C:\WINDOWS\system32\acs.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Bonjour Service = "C:\Program Files\Bonjour\mDNSResponder.exe"
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
Java Quick Starter = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
NVIDIA Display Driver Service = C:\WINDOWS\system32\nvsvc32.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Pml Driver HPZ12 = C:\WINDOWS\system32\HPZipm12.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
aawservice
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
aawservice
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* DVD/CD-ROM drives *
- Upper filters
GEARAspiWDM.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Medium Changers *
- Upper filters
GEARAspiWDM.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Upper filters
GEARAspiWDM.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Plantronics USB Audio Adapter *
- Upper filters
UacFlt.sys

* Razer Copperhead USB Mouse *
- Lower filters
UsbFltr.sys

* Razer Copperhead USB Mouse *
- Lower filters
UsbFltr.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (8):

BJ Language Monitor - cnbjmon.dll
hpzlnt12 - hpzlnt12.dll
Local Port - localspl.dll
PDF995 Monitor - pdf995mon.dll
PJL Language Monitor - pjlmon.dll
Send To Microsoft OneNote Monitor - msonpmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (10)]
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
dimsntfy = %SystemRoot%\System32\dimsntfy.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
wlballoon = wlnotify.dll

[Group policy extensions (9)]
Microsoft Disk Quota = dskquota.dll
Internet Explorer Zonemapping = iedkcs32.dll
Windows Search Group Policy Extension = %SystemRoot%\System32\srchadmin.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
802.3 Group Policy = dot3gpclnt.dll
Microsoft Offline Files = %SystemRoot%\System32\cscui.dll
Software Installation = appmgmts.dll

--------------------

Policies:

[This user]
* Primary policies *
- (6)
A2271109-F10C-49FA-AB3D-A26A2F1E9895 = {AC9A633D-CC6C-4569-BAFE-2ACE9E26CD9E}
E628A196-F4D0-42c8-B4FD-85588053362E = {8E066694-2FE5-4907-86BA-68D89350506E}
590B764B-1AAA-45dd-84B1-67B39C3D89BD = {87578F63-FA98-4C1C-8281-F610FFB7AB73}
6358B007-B0A4-45b6-B3CC-486BA4906109 = {5C35C6B4-2BE8-4BFF-85EE-9686218BE403}
205F0409-5B2C-447A-84B7-E0CE7CA5AECE = {7FCA6383-2649-4EC3-8BDC-05F201918C6D}
4E9BCA8A-3B2C-46f9-B779-318E7C5CF5BF = {C22F2827-F112-4CF9-B710-8770BE8E4D7D}

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (3)
NoDriveTypeAutoRun = dword: 323
NoDriveAutoRun = dword: 67108863
NoDrives = dword: 0

- (6)
A2271109-F10C-49FA-AB3D-A26A2F1E9895 = {AC9A633D-CC6C-4569-BAFE-2ACE9E26CD9E}
E628A196-F4D0-42c8-B4FD-85588053362E = {8E066694-2FE5-4907-86BA-68D89350506E}
590B764B-1AAA-45dd-84B1-67B39C3D89BD = {87578F63-FA98-4C1C-8281-F610FFB7AB73}
6358B007-B0A4-45b6-B3CC-486BA4906109 = {5C35C6B4-2BE8-4BFF-85EE-9686218BE403}
205F0409-5B2C-447A-84B7-E0CE7CA5AECE = {7FCA6383-2649-4EC3-8BDC-05F201918C6D}
4E9BCA8A-3B2C-46f9-B779-318E7C5CF5BF = {C22F2827-F112-4CF9-B710-8770BE8E4D7D}



[All users]
* Primary policies *
- Software\Policies\Microsoft\Windows\BITS (1)
MaxFilesPerJob = dword: 20000

- Software\Policies\Microsoft\Windows\Installer (1)
EnableAdminTSRemote = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{80e4a6d3-38e6-49c6-9bb3-9b648086955c} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{80e4a6d3-38e6-49c6-9bb3-9b648086955c}
ipsecID = {80e4a6d3-38e6-49c6-9bb3-9b648086955c}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{def7beac-8f5c-464a-ab45-bc0ef726cfe3} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{def7beac-8f5c-464a-ab45-bc0ef726cfe3}
ipsecID = {def7beac-8f5c-464a-ab45-bc0ef726cfe3}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fca60808-1a5f-4de9-aaf4-e273bee78a87} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{fca60808-1a5f-4de9-aaf4-e273bee78a87}
ipsecID = {fca60808-1a5f-4de9-aaf4-e273bee78a87}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{049ae4d4-5c6b-482a-bf4d-8d92fc6a56cb} (8)
ClassName = ipsecNFA
name = ipsecNFA{049ae4d4-5c6b-482a-bf4d-8d92fc6a56cb}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {049ae4d4-5c6b-482a-bf4d-8d92fc6a56cb}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{22912789-83b1-4bf3-ba3b-9e96f5b5b6b1} (6)
ClassName = ipsecNFA
name = ipsecNFA{22912789-83b1-4bf3-ba3b-9e96f5b5b6b1}
ipsecID = {22912789-83b1-4bf3-ba3b-9e96f5b5b6b1}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{fca60808-1a5f-4de9-aaf4-e273bee78a87}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{4b252208-b108-4d44-99b7-3bac9bfb2235} (8)
ClassName = ipsecNFA
name = ipsecNFA{4b252208-b108-4d44-99b7-3bac9bfb2235}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {4b252208-b108-4d44-99b7-3bac9bfb2235}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9eede2a6-3dcb-449c-9f6c-d60a31ad2a2a} (6)
ClassName = ipsecNFA
name = ipsecNFA{9eede2a6-3dcb-449c-9f6c-d60a31ad2a2a}
ipsecID = {9eede2a6-3dcb-449c-9f6c-d60a31ad2a2a}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{def7beac-8f5c-464a-ab45-bc0ef726cfe3}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c64b323f-4ef2-4990-b20f-78e9c951ca0c} (6)
ClassName = ipsecNFA
name = ipsecNFA{c64b323f-4ef2-4990-b20f-78e9c951ca0c}
ipsecID = {c64b323f-4ef2-4990-b20f-78e9c951ca0c}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{80e4a6d3-38e6-49c6-9bb3-9b648086955c}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{e26b5fda-c37a-4fbb-9743-922f8379ba65} (8)
ClassName = ipsecNFA
name = ipsecNFA{e26b5fda-c37a-4fbb-9743-922f8379ba65}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {e26b5fda-c37a-4fbb-9743-922f8379ba65}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{fab09589-0142-4482-adc4-4391748cb2dd} (8)
ClassName = ipsecNFA
name = ipsecNFA{fab09589-0142-4482-adc4-4391748cb2dd}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {fab09589-0142-4482-adc4-4391748cb2dd}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1201562370

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

- Software\Policies\Microsoft\Windows\System (1)
Allow-LogonScript-NetbiosDisabled = dword: 1

- Software\Policies\Microsoft\Windows\WiredL2\GP_Policy (1)
@ =

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (3)
NoDriveAutoRun = dword: 67108863
NoDriveTypeAutoRun = dword: 323
NoDrives = dword: 0

- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (6)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1
DisableRegistryTools = dword: 0



--------------------

Browser Helper Objects (4):

Java™ Plug-In 2 SSV Helper = {DBC80044-A445-435b-BC74-9C25C1C588A9} = C:\Program Files\Java\jre6\bin\jp2ssv.dll
JQSIEStartDetectorImpl = {E7E6F031-17CE-4C07-BC86-EABFE594F69C} = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Skype add-on (mastermind) = {22BF413B-C6D2-4d91-82A9-A0F997BA588C} = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSVHelper Class = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre6\bin\ssv.dll

--------------------

ActiveX objects (15):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
IEUDINIT - {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (1) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll


--------------------

Internet Explorer buttons/tools (7):

- -
Sun Java Console - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
Send to OneNote - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

--------------------

Internet Explorer menu extensions:

[This user (1)]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

--------------------

Internet Explorer Bands (9):

Groove Folder Synchronization - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\ieframe.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\system32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
&Research - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

--------------------

Downloaded Program Files (10):

Confidence Online for Web Applications - {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - C:\Documents and Settings\Jake\Application Data\WholeSecurity\AXXPEE.dll - https://mcpuk1.jpmorgan.com/llclient/webvpn...inxp/AXXPEE.dll
(no name) - {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - (no file) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
F-Secure Health Check 1.0 - {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - C:\WINDOWS\Downloaded Program Files\fscax.dll - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
Creative Software AutoUpdate - {6C269571-C6D7-4818-BCA4-32A035E8C884} - C:\WINDOWS\DOWNLO~1\CTSUEngn.ocx - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll - http://update.microsoft.com/microsoftupdat...b?1219198089453
Java Runtime Environment 1.6.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre6\bin\jp2iexp.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
(no name) - {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - (no file) - http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files\Java\jre6\bin\jp2iexp.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Java Runtime Environment 1.6.0 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Creative Software AutoUpdate Support Package - {F6ACF75C-C32C-447B-9BEF-46B766368D29} - C:\WINDOWS\DOWNLO~1\CTPID.ocx - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (10)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
Notepad++ = {120B94B5-2E6A-4F13-94D0-414BCB64FA0F} = C:\Program Files\Notepad++\nppcm.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll
TextPad = {ABECE8A0-FF84-4efb-82AE-9B3181CE097D} = C:\Program Files\TextPad 5\System\shellext32.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[Drive (6)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\WINDOWS\system32\wpdshext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll

[Folder (5)]
MBAMShlExt = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll
UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\system32\zipfldr.dll

[Directory (7)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[Directory\Background (5)]
00nView = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll
NvCplDesktopContext = {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

[InternetShortcut (2)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = C:\WINDOWS\system32\ieframe.dll
TeraCopy = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} = C:\Program Files\TeraCopy\TeraCopyExt.dll

[AllFileSystemObjects (4)]
MBAMShlExt = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll
UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
XXX Groove GFS Context Menu Handler XXX = {6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

--------------------

ColumnHandlers (4):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll

--------------------

ShellExecuteHooks (3):

Groove GFS Stub Execution Hook = {56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
Groove GFS Stub Execution Hook = {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (231)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
&Links - {F2CF5485-4E02-4f68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - C:\Program Files\7-Zip\7-zip.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\system32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\system32\occache.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\system32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\system32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\system32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Autoplay for SlideShow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\system32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\system32\shdocvw.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\system32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\system32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll
Desktop Explorer Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\system32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\system32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\system32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\system32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\system32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\system32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\system32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\system32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - c:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\system32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\system32\browseui.dll
Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Context Menu Handler - {6C467336-8281-4E60-8204-430CED96822D} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Explorer Bar - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Icon Handler - {A449600E-1DC6-4232-B948-9BD794D62056} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove XML Icon Handler - {387E725D-DC16-4D76-B310-2C93ED4752A0} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\system32\ieframe.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\system32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE AutoComplete - {3028902F-6374-48b2-8DC6-9725E775B926} - C:\WINDOWS\system32\ieframe.dll
IE BandProxy - {73CFD649-CD48-4fd8-A272-2070EA56526B} - C:\WINDOWS\system32\ieframe.dll
IE Custom MRU AutoCompleted List - {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} - C:\WINDOWS\system32\ieframe.dll
IE Fade Task - {1C1EDB47-CE22-4bbb-B608-77B48F83C823} - C:\WINDOWS\system32\ieframe.dll
IE IShellFolderBand - {6CF48EF8-44CD-45d2-8832-A16EA016311B} - C:\WINDOWS\system32\ieframe.dll
IE Menu Band - {4B78D326-D922-44f9-AF2A-07805C2A3560} - C:\WINDOWS\system32\ieframe.dll
IE Menu Desk Bar - {205D7A97-F16D-4691-86EF-F3075DCCA57D} - C:\WINDOWS\system32\ieframe.dll
IE Menu Site - {44C76ECD-F7FA-411c-9929-1B77BA77F524} - C:\WINDOWS\system32\ieframe.dll
IE Microsoft BrowserBand - {07C45BB1-4A8C-4642-A1F5-237E7215FF66} - C:\WINDOWS\system32\ieframe.dll
IE Microsoft History AutoComplete List - {6038EF75-ABFC-4e59-AB6F-12D397F6568D} - C:\WINDOWS\system32\ieframe.dll
IE Microsoft Multiple AutoComplete List Container - {B31C5FAE-961F-415b-BAF0-E697A5178B94} - C:\WINDOWS\system32\ieframe.dll
IE Microsoft Shell Folder AutoComplete List - {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} - C:\WINDOWS\system32\ieframe.dll
IE MRU AutoComplete List - {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} - C:\WINDOWS\system32\ieframe.dll
IE Navigation Bar - {43886CD5-6529-41c4-A707-7B3C92C05E68} - C:\WINDOWS\system32\ieframe.dll
IE Registry Tree Options Utility - {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} - C:\WINDOWS\system32\ieframe.dll
IE RSS Feeder Folder - {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} - C:\WINDOWS\system32\ieframe.dll
IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\system32\ieframe.dll
IE Shell Band Site Menu - {E6EE9AAC-F76B-4947-8260-A9F136138E11} - C:\WINDOWS\system32\ieframe.dll
IE Shell Rebar BandSite - {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} - C:\WINDOWS\system32\ieframe.dll
IE Tracking Shell Menu - {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} - C:\WINDOWS\system32\ieframe.dll
IE User Assist - {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} - C:\WINDOWS\system32\ieframe.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\system32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\system32\ieframe.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\WINDOWS\system32\ieframe.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\system32\shdocvw.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - C:\Program Files\iTunes\iTunesMiniPlayer.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\system32\shdocvw.dll
Microsoft Browser Architecture - {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} - C:\WINDOWS\system32\ieframe.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\system32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\system32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\system32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\system32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office12\msohevi.dll
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Office OneNote Namespace Extension for Windows Desktop Search - {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
Microsoft Office Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
Microsoft Office Outlook Desktop Icon Handler - {00020D75-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\system32\ieframe.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
Microsoft.XPS.Shell.Metadata.1 - {45670FA8-ED97-4F44-BC93-305082590BFB} - C:\WINDOWS\System32\XPSSHHDR.DLL
Microsoft.XPS.Shell.Thumbnail.1 - {44121072-A222-48f2-A58A-6D9AD51EBBE9} - C:\WINDOWS\System32\XPSSHHDR.DLL
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\system32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
NvCpl DesktopContext Class - {A70C977A-BF00-412C-90B7-034C51DA2439} - C:\WINDOWS\system32\nvcpl.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll
Office Document Property Handler - {97e467b4-98c6-4f19-9588-161b7773d6f6} - C:\WINDOWS\system32\propsys.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
Play on my TV helper - {FFB699E0-306A-11d3-8BD1-00104B6F7516} - C:\WINDOWS\system32\nvcpl.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\system32\themeui.dll
Portable Devices - {35786D3C-B075-49b9-88DD-029876E11C01} - C:\WINDOWS\system32\wpdshext.dll
Portable Devices Menu - {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} - C:\WINDOWS\system32\wpdshext.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\system32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\system32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\system32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\system32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\system32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\system32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\system32\shdocvw.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\system32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\system32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\system32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\system32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\system32\ieframe.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll
Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - c:\WINDOWS\system32\dfshim.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\system32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\system32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll
ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - c:\WINDOWS\system32\dfshim.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\system32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\system32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\ieframe.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\system32\ieframe.dll
TeraCopy - {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} - C:\Program Files\TeraCopy\TeraCopy.dll
TeraCopy - {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} - C:\Program Files\TeraCopy\TeraCopyExt.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\system32\ieframe.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\system32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\system32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\system32\browseui.dll
TrojanHunter Menu Shell Extension - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} -
Universal Plug and Play Devices - {e57ce731-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - C:\Program Files\Unlocker\UnlockerCOM.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\system32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\system32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\system32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\system32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\system32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\system32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\system32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
Windows Desktop Search - {13E7F612-F261-4391-BEA2-39DF4F3FA311} - C:\Program Files\Windows Desktop Search\msnlExt.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll
Windows Search Deskbar - {97090E2F-3062-4459-855B-014F0D3CDBB1} - C:\Program Files\Windows Desktop Search\deskbar.dll
Windows Search Shell Service - {da67b8ad-e81b-4c70-9b91b417b5e33527} -
WinRAR shell extension - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

[System Run]
Copperhead = C:\Program Files\Razer\Copperhead\razerhid.exe
CTHelper = CTHELPER.EXE
CTxfiHlp = CTXFIHLP.EXE
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Launch LCDMon = "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
Launch LGDCore = "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz = nwiz.exe /install
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

--------------------

Registry 'Run' subkeys:

[User Run]
* AdobeUpdater *
@ =


[System Run]
* AutorunsDisabled *
LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime


--------------------

Protocols:

[Pluggable MIME filters (9)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll
text/xml = {807563E5-5146-11D5-A672-00B0D022E945} = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

[Protocol handlers (23)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
grooveLocalGWS = {88FED34C-F0CA-4636-A375-3CB6248B04CD} = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\system32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-help = {314111c7-a502-11d2-bbca-00c04f8ec294} = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\system32\itss.dll
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
skype4com = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\system32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\system32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\system32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (6)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor = {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\system32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\system32\browseui.dll

--------------------

Winsock LSP:

[Protocols (20)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF5DA847-16EB-40AE-A253-B4BEF73513D0}] SEQPACKET 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF5DA847-16EB-40AE-A253-B4BEF73513D0}] DATAGRAM 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{661D86A2-4EA0-4458-ACFE-3E6B157DF458}] SEQPACKET 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{661D86A2-4EA0-4458-ACFE-3E6B157DF458}] DATAGRAM 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D47C8640-0D60-44FA-A800-BBE6551161C9}] SEQPACKET 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D47C8640-0D60-44FA-A800-BBE6551161C9}] DATAGRAM 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D43DC8CB-DE54-4A45-91AF-191B9388F5F0}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D43DC8CB-DE54-4A45-91AF-191B9388F5F0}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3A5B9944-C81B-418B-A957-8D405B78EB12}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3A5B9944-C81B-418B-A957-8D405B78EB12}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F81F1481-0946-4EFB-AD32-E219E5AC01CE}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F81F1481-0946-4EFB-AD32-E219E5AC01CE}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BDC636F2-42CF-4B65-B61C-44BB5F81A04F}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BDC636F2-42CF-4B65-B61C-44BB5F81A04F}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E53D6C9-D079-4503-BD11-FEB55B806EB6}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E53D6C9-D079-4503-BD11-FEB55B806EB6}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (6)]
Juniper Secure DNS (Top) - {E90A7329-700E-4312-ABC0-9B384BBB53BF} - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
Juniper Secure DNS (Bottom) - {1D6E0AAC-9B6B-41CB-BE12-32582FC83AE8} - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll
mdnsNSP - {B600E6E9-553B-4A19-8696-335E5C896153} - C:\Program Files\Bonjour\mdnsNSP.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (3)
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.google.com

- Internet Explorer\Desktop\General (2)
BackupWallpaper = %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
Wallpaper = %APPDATA%\Mozilla\Firefox\Desktop Background.bmp

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_Url = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://www.google.com

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
PostNotCached = res://ieframe.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (209)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll
(no name) - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll
(no name) - {53C74826-AB99-4D33-ACA4-3117F51D3788} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\system32\clbcatex.dll
(no name) - {f5078f26-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
(no name) - {FEF10FA2-355E-4E06-9381-9B24D7F7CC88} - C:\WINDOWS\system32\SHELL32.dll
9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\system32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\Program Files\Movie Maker\wmm2ae.dll
Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll
AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\msdxm.ocx
Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
Certificate Class - {E38FD381-6404-4041-B5E9-B2739258941F} - c:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll
Certificates Class - {17E3A1C3-EA8A-4970-AF29-7F54610B1D4C} - c:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll
Certificates Class - {FBAB033B-CDD0-4C5E-81AB-AEA575CD1338} - c:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll
cfw Class - {ECABAFC0-7F19-11D2-978E-0000F8757E2A} - C:\WINDOWS\system32\comsvcs.dll
Chain Class - {65104D73-BA60-4160-A95A-4B4782E7AA62} - c:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll
CLSID_ApprenticeICW - {8EE42293-C315-11D0-8D6F-00A0C9A06E1F} - C:\WINDOWS\system32\inetcfg.dll
CLSID_CCommAcctImport - {1AA06BA1-0E88-11d1-8391-00C04FBD7C09} - C:\WINDOWS\system32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\system32\diactfrm.dll
ColleagueImportAddIn Class - {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} - C:\PROGRA~1\MICROS~2\Office12\ADDINS\COLLEA~1.DLL
CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\system32\msdtctm.dll
ContentCollection Class - {7CB9D4F5-C492-42A4-93B1-3F7D6946470D} - C:\Program Files\Hp\Common\RulesEngine.dll
DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\msdxm.ocx
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll
DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll
English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll
English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll
Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll
Free Threaded XML DOM Document 2.6 - {f5078f1c-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\system32\msieftp.dll
German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\h323msp.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\system32\hhctrl.ocx
HPDevice Class - {60178279-6D62-43af-A336-77925651A4C6} - C:\Program Files\Hp\Common\HPeDiag.dll
HPDeviceUtil Class - {DC4F9DA0-DB05-4BB0-8FB2-03A80FE98772} - C:\Program Files\Hp\Common\HPeDiag.dll
HPFileUtil Class - {CDAF9CEC-F3EC-4B22-ABA3-9726713560F8} - C:\Program Files\Hp\Common\HPeDiag.dll
HPIniFileUtil Class - {93441C07-E57E-4086-B912-F323D741A9D8} - C:\Program Files\Hp\Common\HPeDiag.dll
HPLogicalDriveInfo Class - {17E67D4A-23A1-40D8-A049-EE34C0AF756A} - C:\Program Files\Hp\Common\HPeDiag.dll
HPOperatingSystem Class - {784F2933-6BDD-4E5F-B1BA-A8D99B603649} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPDriverRead Class - {4774922A-8983-4ECC-94FD-7235F06F53A1} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPDriversCollection Class - {DE233AFF-8BD5-457E-B7F0-702DBEA5A828} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPJobRead Class - {E12DA4F2-BDFB-4EAD-B12F-2725251FA6B0} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPJobsCollection Class - {B9C13CD0-5A97-4C6B-8A50-7638020E2462} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPMonitorRead Class - {C94188F6-0F9F-46B3-8B78-D71907BD8B77} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPMonitorsCollection Class - {AB049B11-607B-46C8-BBF7-F4D6AF301046} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPPortRead Class - {6470DE80-1635-4B5D-93A3-3701CE148A79} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPPortsCollection Class - {910E7ADE-7F75-402D-A4A6-BB1A82362FCA} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPProcessorsCollection Class - {42C68651-1700-4750-A81F-A1F5110E0F66} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPrinterRead Class - {BF931895-AF82-467A-8819-917C6EE2D1F3} - C:\Program Files\Hp\Common\HPeDiag.dll
HPPrintersCollection Class - {C70D0641-DDE1-4FD7-A4D4-DA187B80741D} - C:\Program Files\Hp\Common\HPeDiag.dll
HPRegUtil Class - {0C378864-D5C4-4D9C-854C-432E3BEC9CCB} - C:\Program Files\Hp\Common\HPeDiag.dll
HPScript Class - {5E6F22B3-7DF6-4C64-8AD0-1A6CC1351085} - C:\Program Files\Hp\Common\HPScripting.dll
HPScript2 Class - {B5201019-B9A8-411C-A7AC-CEA856A63C00} - C:\Program Files\Hp\Common\HPScripting.dll
HPSpoolerEnum Class - {CF6866F9-B67C-4B24-9957-F91E91E788DC} - C:\Program Files\Hp\Common\HPeDiag.dll
HPSpoolerRead Class - {A95845D8-8463-4605-B5FB-4F8CFBAC5C47} - C:\Program Files\Hp\Common\HPeDiag.dll
HPSystemBoardInfo Class - {AB237044-8A3B-42BB-9EE1-9BFA6721D9ED} - C:\Program Files\Hp\Common\HPeDiag.dll
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\system32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\system32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\system32\confmsp.dll
Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
LexRefBilingualTextContext Class - {75C11604-5C51-48B2-B786-DF5E51D10EC9} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CORE.DLL
LexRefStEsObject Class - {4CFB5280-800B-4367-848F-5A13EBF27F1D} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL
LexRefStFrObject Class - {B3E0E785-BD78-4366-9560-B7DABE2723BE} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\system32\msconf.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
Microsoft DDS 80 - {C795D2FE-7776-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Form 2.0 - {77D2C92E-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddsf.dll
Microsoft DDS Generic Class 80 - {77D2C902-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Icon Control 80 - {77D2C926-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Layout Manager 80 - {77D2C915-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddslm.dll
Microsoft DDS Library Shape Control 80 - {77D2C905-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Oblique LineRoute 80 - {77D2C917-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddslm.dll
Microsoft DDS Picture Shape Control 80 - {77D2C908-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Polyline Control 80 - {77D2C91E-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDS Rectilinear Layout 80 - {77D2C916-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddslm.dll
Microsoft DDS Text Control 80 - {77D2C923-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msdds.dll
Microsoft DDSform 80 2.1 Font - {D1E5C5AF-21FB-11D9-ADCD-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddsf.dll
Microsoft DDSform 80 2.1 FontNew - {77D2C92D-7779-11D8-9070-00065B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddsf.dll
Microsoft DDSform 80 2.1 FormPackage - {77D2C931-7779-11D8-9070-00055B840D9C} - c:\Program Files\Common Files\Microsoft Shared\MSDesigners8\msddsf.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\ieframe.dll
Microsoft Help 2.0 Contents Control - {314111B8-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxvz.dll
Microsoft Help 2.0 Index Control - {314111C6-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxvz.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\system32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll
Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\system32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\system32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
Microsoft Rich Textbox Control 6.0 (SP4) - {3B7C8860-D78F-101B-B9B5-04021C009402} - C:\WINDOWS\system32\RichTx32.ocx
Microsoft Visual Web Developer 12.0 Editor Window - {1D0191C5-F6EF-47AC-82E9-7CE841BBD0EF} - C:\PROGRA~1\MI15E2~1\VWD\FPEDITAX.DLL
Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\system32\wbem\wbemess.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\system32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\system32\amstream.dll
Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\Program Files\Movie Maker\wmm2fxa.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\system32\wavemsp.dll
MTSEvents Class - {ECABB0AB-7F19-11D2-978E-0000F8757E2A} - C:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl
NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\Program Files\Movie Maker\wmm2fxb.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11d1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
RDSServer.DataFactory - {9381D8F5-0288-11d0-9501-00AA00B911A5} - C:\Program Files\Common Files\System\msadc\msadcf.dll
Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\system32\dxtmsft.dll
RefEdit.Ctrl - {00024512-0000-0000-C000-000000000046} - C:\Program Files\Microsoft Office\Office12\REFEDIT.DLL
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\system32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\system32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll
ScriptHost Class - {BC2971B9-2A4F-44C8-8D7F-04E027544828} - C:\Program Files\Hp\Common\HPScripting.dll
ScriptUtil Class - {DF1F1C17-6A29-45fb-A3C6-9825908E062E} - C:\Program Files\Hp\Common\RulesEngine.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\system32\sdpblb.dll
Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
Shortcut - {00021401-0000-0000-C000-000000000046} - shell32.dll
ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll
Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
SpSharedRecoContext Class - {47206204-5ECA-11D2-960F-00C04F8EE628} - C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll
SpSharedRecognizer Class - {3BEE4890-4FE9-4A37-8C1E-5E7E12791C1F} - C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll
Start Menu - {4622AD11-FF23-11d0-8D34-00A0C90F2719} - C:\WINDOWS\system32\SHELL32.dll
Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll
Store Class - {78E61E52-0E57-4456-A2F2-517492BCBF8F} - c:\Program Files\Common Files\Microsoft Shared\CAPICOM\CapiCom.dll
Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\system32\sysmon.ocx
SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\system32\stobject.dll
TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\system32\msdtctm.dll
Trident HTMLEditor - {3050F4F5-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtmled.dll
Trun Gateway Protocol Class - {37de7045-5056-456f-8409-c871e0f8b0e0} - C:\WINDOWS\system32\msdtctm.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\system32\qedit.dll
Video Mixing Renderer 9 - {51B4ABF3-748F-4E3B-A276-C828330E926A} - C:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\system32\termmgr.dll
VideoPort Object - {CE292861-FC88-11D0-9E69-00C04FD7C15B} - C:\WINDOWS\system32\qdvd.dll
VMR Allocator Presenter 9 - {2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64} - C:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {E4979309-7A32-495E-8A92-7B014AAD4961} - C:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\system32\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\system32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\system32\wbem\wbemdisp.dll
WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\system32\wbem\wmiprov.dll
WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\system32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\system32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\system32\wmv8ds32.ax
WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll
WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll
WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll
WMI ADSI Extension - {F0975AFE-5C7F-11D2-8B74-00104B2AFB41} - C:\WINDOWS\system32\wbem\wbemads.dll
WMIObjectBroker Class - {7F5B7F63-F06F-4331-8A26-339E03C0AE3D} - c:\Program Files\Common Files\Microsoft Shared\WMI\wmiscriptutils.dll
WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll
XML Data Source Object 2.6 - {f5078f1f-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Document 2.6 - {f5078f22-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Document 2.6 - {f5078f28-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML DOM Document 2.6 - {f5078f1b-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML HTTP 2.6 - {f5078f1e-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Moniker 2.6 - {f5078f29-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Parser 2.6 - {f5078f20-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XML Schema Cache 2.6 - {f5078f1d-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll
XSL Template 2.6 - {f5078f21-c551-11d3-89b9-0000f81fe221} - C:\WINDOWS\system32\msxml2.dll

[Stopped/disabled NT Services]
* Stopped (55) *
.NET Runtime Optimization Service v2.0.50727_X86 = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ Event System = C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe
Extensible Authentication Protocol Service = C:\WINDOWS\System32\svchost.exe -k eapsvcs
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
FLEXnet Licensing Service = "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
Health Key and Certificate Management Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\system32\imapi.exe
Indexing Service = C:\WINDOWS\system32\cisvc.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
iPod Service = "C:\Program Files\iPod\bin\iPodService.exe"
Lavasoft Ad-Aware Service = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
Microsoft Office Diagnostics Service = "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Microsoft Office Groove Audit Service = "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
MS Software Shadow Copy Provider = C:\WINDOWS\system32\dllhost.exe /Processid:{B0397B62-1ACD-4D3C-9E74-2178FD18C3FB}
Net Logon = C:\WINDOWS\system32\lsass.exe
NetMeeting Remote Desktop Sharing = C:\WINDOWS\system32\mnmsrvc.exe
Network Access Protection Agent = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\system32\lsass.exe
Office Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\system32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\system32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SoundMovieServer = "C:\WINDOWS\system32\snmvtsvc.exe"
SSDP Discovery Service = C:\WINDOWS\system32\svchost.exe -k LocalService
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\system32\svchost.exe -k LocalService
User Privilege Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows CardSpace = "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Windows Driver Foundation - User-mode Driver Framework = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
Windows Media Player Network Sharing Service = "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Windows Presentation Foundation Font Cache 3.0.0.0 = c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Wired AutoConfig = C:\WINDOWS\System32\svchost.exe -k dot3svc
WMI Performance Adapter = C:\WINDOWS\system32\wbem\wmiapsrv.exe

* Stopped & disabled (12) *
Alerter = C:\WINDOWS\system32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Messenger = C:\WINDOWS\system32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service = "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\system32\svchost.exe -k netsvcs
SQL Server (SQLEXPRESS) = "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
SQL Server Active Directory Helper = "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
SQL Server Browser = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQL Server VSS Writer = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
Visual Studio 2008 Remote Debugger = "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1
AntiVirusDisableNotify = dword: 1
FirewallDisableNotify = dword: 1
UpdatesDisableNotify = dword: 1

- All users
FirstRunDisabled = dword: 1
AntiVirusDisableNotify = dword: 0
FirewallDisableNotify = dword: 0
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 1
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
AutorunsDisabled
desktop.ini

[User Startup]
AutorunsDisabled
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
NoDriveAutoRun = dword: 67108863


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome



==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
AutorunsDisabled
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
AutorunsDisabled
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
AutorunsDisabled
desktop.ini

[User Startup]
AutorunsDisabled
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
NoDriveAutoRun = dword: 67108863


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (41)]
Apple Mobile Device = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Atheros Configuration Service = C:\WINDOWS\system32\acs.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Bonjour Service = "C:\Program Files\Bonjour\mDNSResponder.exe"
Computer Browser = C:\WINDOWS\system32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\system32\lsass.exe
Java Quick Starter = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
NVIDIA Display Driver Service = C:\WINDOWS\system32\nvsvc32.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Pml Driver HPZ12 = C:\WINDOWS\system32\HPZipm12.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\system32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\system32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\system32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\system32\svchost.exe -k netsvcs

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
aawservice
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
PSEXESVC
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
aawservice
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
PSEXESVC
rdsessmgr
RpcSs
SharedAccess
SRService
Tcpip
termservice
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Medium Changers *
- Upper filters
GEARAspiWDM.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Upper filters
GEARAspiWDM.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Plantronics USB Audio Adapter *
- Upper filters
UacFlt.sys

* Razer Copperhead USB Mouse *
- Lower filters
UsbFltr.sys

* Razer Copperhead USB Mouse *
- Lower filters
UsbFltr.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (8):

BJ Language Monitor - cnbjmon.dll
hpzlnt12 - hpzlnt12.dll
Local Port - localspl.dll
PDF995 Monitor - pdf995mon.dll
PJL Language Monitor - pjlmon.dll
Send To Microsoft OneNote Monitor - msonpmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 174,554 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 02 February 2009 - 04:09 PM

The size of the startup list file is why I asked you to attach it.

How is your computer doing now? I did not expect ComboFix to find so much.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families
