Report of CESAM: Anti-Malware v1.0.0.6866
http://www.cesam-antimalware.com/
Saved at 11:37:11 on 07.07.2008

OS: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Apple Inc. Safari Web Browser 3.0.3 (522.15.5)

Scanner Settings
Rootkits detection (twice-scan)
Retrieve files information
Check Microsoft signatures

Filters
Trusted records
Empty records
Hidden registry records (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active records
Disabled records

  Risk level Name Publisher Full Path Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
||||   "BootExecute" "Microsoft Corporation" C:\WINDOWS\System32\autochk.exe File signed by Microsoft
Common
%SystemRoot%
HKCU\SOFTWARE\Classes\exefile\shell\open\command
HKCU\SOFTWARE\Microsoft\Command Processor
HKCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps
HKLM\SOFTWARE\Classes\exefile\shell\open\command
       "{Default}" "%1" %* System default value
HKLM\SOFTWARE\Microsoft\Command Processor
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Windows Script Host\Locations
HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations
||||   "CScript" "Microsoft Corporation" C:\WINDOWS\System32\cscript.exe File signed by Microsoft
||||   "WScript" "Microsoft Corporation" C:\WINDOWS\System32\wscript.exe File signed by Microsoft
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls
Control Panel Objects
%SystemRoot%\system32
||||   "access.cpl" "Microsoft Corporation" C:\WINDOWS\system32\access.cpl File signed by Microsoft
||||   "appwiz.cpl" "Microsoft Corporation" C:\WINDOWS\system32\appwiz.cpl File signed by Microsoft
||||   "desk.cpl" "Microsoft Corporation" C:\WINDOWS\system32\desk.cpl File signed by Microsoft
||||   "hdwwiz.cpl" "Microsoft Corporation" C:\WINDOWS\system32\hdwwiz.cpl File signed by Microsoft
||||   "inetcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\inetcpl.cpl File signed by Microsoft
||||   "intl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\intl.cpl File signed by Microsoft
||||   "joy.cpl" "Microsoft Corporation" C:\WINDOWS\system32\joy.cpl File signed by Microsoft
||||   "main.cpl" "Microsoft Corporation" C:\WINDOWS\system32\main.cpl File signed by Microsoft
||||   "mmsys.cpl" "Microsoft Corporation" C:\WINDOWS\system32\mmsys.cpl File signed by Microsoft
||||   "ncpa.cpl" "Microsoft Corporation" C:\WINDOWS\system32\ncpa.cpl File signed by Microsoft
||||   "nusrmgr.cpl" "Microsoft Corporation" C:\WINDOWS\system32\nusrmgr.cpl File signed by Microsoft
||||   "odbccp32.cpl" "Microsoft Corporation" C:\WINDOWS\system32\odbccp32.cpl File signed by Microsoft
||||   "powercfg.cpl" "Microsoft Corporation" C:\WINDOWS\system32\powercfg.cpl File signed by Microsoft
||||   "sysdm.cpl" "Microsoft Corporation" C:\WINDOWS\system32\sysdm.cpl File signed by Microsoft
||||   "telephon.cpl" "Microsoft Corporation" C:\WINDOWS\system32\telephon.cpl File signed by Microsoft
||||   "timedate.cpl" "Microsoft Corporation" C:\WINDOWS\system32\timedate.cpl File signed by Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
||||   "QuickTime" "Apple Computer, Inc." J:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
||||   "VMCPL" "VMware, Inc." C:\Program Files\VMware\VMware Tools\VMControlPanel.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
||||   "ACPIEC" (ACPIEC) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ACPIEC.sys File signed by Microsoft
||||   "AFD Networking Support Environment" (AFD) "Microsoft Corporation" C:\WINDOWS\System32\drivers\afd.sys File signed by Microsoft
||||   "AMD K7 Processor Driver" (AmdK7) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\amdk7.sys File signed by Microsoft
||||   "AMD PCNET Compatable Adapter Driver" (PCnet) "AMD Inc." C:\WINDOWS\System32\DRIVERS\pcntpci5.sys File signed by Microsoft
||||   "ATM ARP Client Protocol" (Atmarpc) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\atmarpc.sys File signed by Microsoft
       "Abiosdsk" (Abiosdsk) C:\WINDOWS\system32\drivers\Abiosdsk.sys File not found
       "Aha154x" (Aha154x) C:\WINDOWS\system32\drivers\Aha154x.sys File not found
       "AliIde" (AliIde) C:\WINDOWS\system32\drivers\AliIde.sys File not found
       "Atdisk" (Atdisk) C:\WINDOWS\system32\drivers\Atdisk.sys File not found
||||   "Audio Stub Driver" (audstub) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\audstub.sys File signed by Microsoft
||||   "BCFTDI" (bcftdi) "Jetico, Inc." C:\WINDOWS\system32\drivers\bcftdi.sys File exists
||||   "BC_Engine" (bc_ngn) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_ngn.sys File exists
||||   "BC_Filter" (bc_filter) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_filter.sys File exists
||||   "BC_IP_Filter" (bc_ip_f) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_ip_f.sys File exists
||||   "BC_PAT_Filter" (bc_pat_f) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_pat_f.sys File exists
||||   "BC_Protocol_Filter" (bc_prt_f) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_prt_f.sys File exists
||||   "BC_TDI_Filter" (bc_tdi_f) "Jetico, Inc." C:\WINDOWS\system32\drivers\bc_tdi_f.sys File exists
||||   "Beep" (Beep) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Beep.sys File signed by Microsoft
||||   "CD-Burning Filter Driver" (Imapi) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\imapi.sys File signed by Microsoft
||||   "CD-ROM Driver" (Cdrom) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\cdrom.sys File signed by Microsoft
||||   "Cdaudio" (Cdaudio) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Cdaudio.sys File signed by Microsoft
||||   "Cdfs" (Cdfs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Cdfs.sys File signed by Microsoft
       "CmdIde" (CmdIde) C:\WINDOWS\system32\drivers\CmdIde.sys File not found
       "Cpqarray" (Cpqarray) C:\WINDOWS\system32\drivers\Cpqarray.sys File not found
||||   "Digital CD Audio Playback Filter Driver" (redbook) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\redbook.sys File signed by Microsoft
||||   "Direct Parallel" (Raspti) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\raspti.sys File signed by Microsoft
||||   "Direct Parallel Link Driver" (Ptilink) "Parallel Technologies, Inc." C:\WINDOWS\System32\DRIVERS\ptilink.sys File signed by Microsoft
||||   "Disk Driver" (Disk) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\disk.sys File signed by Microsoft
||||   "Fastfat" (Fastfat) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Fastfat.sys File signed by Microsoft
||||   "Fips" (Fips) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Fips.sys File signed by Microsoft
||||   "Floppy Disk Controller Driver" (Fdc) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\fdc.sys File signed by Microsoft
||||   "Floppy Disk Driver" (Flpydisk) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\flpydisk.sys File signed by Microsoft
||||   "Fs_Rec" (Fs_Rec) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Fs_Rec.sys File signed by Microsoft
||||   "GEARAspiWDM" (GEARAspiWDM) "GEAR Software Inc." C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys File exists
||||   "Generic Packet Classifier" (Gpc) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\msgpc.sys File signed by Microsoft
||||   "IP Network Address Translator" (IpNat) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ipnat.sys File signed by Microsoft
||||   "IP Traffic Filter Driver" (IpFilterDriver) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys File signed by Microsoft
||||   "IP in IP Tunnel Driver" (IpInIp) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ipinip.sys File signed by Microsoft
||||   "IPSEC driver" (IPSec) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ipsec.sys File signed by Microsoft
||||   "IPX Traffic Filter Driver" (NwlnkFlt) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys File signed by Microsoft
||||   "IPX Traffic Forwarder Driver" (NwlnkFwd) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys File signed by Microsoft
||||   "IR Enumerator Service" (IRENUM) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\irenum.sys File signed by Microsoft
||||   "Intel AGP Bus Filter" (agp440) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\agp440.sys File signed by Microsoft
||||   "IntelIde" (IntelIde) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\intelide.sys File signed by Microsoft
||||   "KSecDD" (KSecDD) "Microsoft Corporation" C:\WINDOWS\system32\drivers\KSecDD.sys File signed by Microsoft
||||   "Keyboard Class Driver" (Kbdclass) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\kbdclass.sys File signed by Microsoft
||||   "MRXSMB" (MRxSmb) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\mrxsmb.sys File signed by Microsoft
||||   "Microcode Update Driver" (Update) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\update.sys File signed by Microsoft
||||   "Microsoft AC Adapter Driver" (CmBatt) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\CmBatt.sys File signed by Microsoft
||||   "Microsoft ACPI Driver" (ACPI) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ACPI.sys File signed by Microsoft
||||   "Microsoft Composite Battery Driver" (Compbatt) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\compbatt.sys File signed by Microsoft
||||   "Modem" (Modem) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Modem.sys File signed by Microsoft
||||   "MountMgr" (MountMgr) "Microsoft Corporation" C:\WINDOWS\system32\drivers\MountMgr.sys File signed by Microsoft
||||   "Mouse Class Driver" (Mouclass) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\mouclass.sys File signed by Microsoft
||||   "Msfs" (Msfs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Msfs.sys File signed by Microsoft
||||   "Mup" (Mup) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Mup.sys File signed by Microsoft
||||   "NDIS System Driver" (NDIS) "Microsoft Corporation" C:\WINDOWS\system32\drivers\NDIS.sys File signed by Microsoft
||||   "NDIS Usermode I/O Protocol" (Ndisuio) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ndisuio.sys File signed by Microsoft
||||   "NDProxy" (NDProxy) "Microsoft Corporation" C:\WINDOWS\system32\drivers\NDProxy.sys File signed by Microsoft
||||   "NetBIOS Interface" (NetBIOS) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\netbios.sys File signed by Microsoft
||||   "NetBios over Tcpip" (NetBT) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\netbt.sys File signed by Microsoft
||||   "Npfs" (Npfs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Npfs.sys File signed by Microsoft
||||   "Ntfs" (Ntfs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Ntfs.sys File signed by Microsoft
||||   "Null" (Null) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Null.sys File signed by Microsoft
||||   "OSPD Kernel (c) Online Solutions" (ASKernel) "Online Solutions" C:\WINDOWS\system32\drivers\ASKernel.sys File exists
||||   "PCI Bus Driver" (PCI) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\pci.sys File signed by Microsoft
       "PCIIde" (PCIIde) C:\WINDOWS\system32\drivers\PCIIde.sys File not found
       "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
       "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
       "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
       "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
||||   "ParVdm" (ParVdm) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ParVdm.sys File signed by Microsoft
||||   "Parallel port driver" (Parport) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\parport.sys File signed by Microsoft
||||   "PartMgr" (PartMgr) "Microsoft Corporation" C:\WINDOWS\system32\drivers\PartMgr.sys File signed by Microsoft
||||   "Pcmcia" (Pcmcia) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Pcmcia.sys File signed by Microsoft
||||   "PnP ISA/EISA Bus Driver" (isapnp) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\isapnp.sys File signed by Microsoft
||||   "Processor Driver" (Processor) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\processr.sys File signed by Microsoft
       "Ql10wnt" (Ql10wnt) C:\WINDOWS\system32\drivers\Ql10wnt.sys File not found
       "Ql10wntcn" (Ql10wntcn) C:\WINDOWS\system32\drivers\Ql10wntcn.sys Hidden registry record, rootkit activity | File not found
||||   "QoS Packet Scheduler" (PSched) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\psched.sys File signed by Microsoft
||||   "RAS Asynchronous Media Driver" (AsyncMac) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\asyncmac.sys File signed by Microsoft
||||   "RDPCDD" (RDPCDD) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\RDPCDD.sys File signed by Microsoft
||||   "RDPWD" (RDPWD) "Microsoft Corporation" C:\WINDOWS\system32\drivers\RDPWD.sys File signed by Microsoft
||||   "Rdbss" (Rdbss) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\rdbss.sys File signed by Microsoft
||||   "Remote Access Auto Connection Driver" (RasAcd) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\rasacd.sys File signed by Microsoft
||||   "Remote Access IP ARP Driver" (Wanarp) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\wanarp.sys File signed by Microsoft
||||   "Remote Access NDIS TAPI Driver" (NdisTapi) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ndistapi.sys File signed by Microsoft
||||   "Remote Access NDIS WAN Driver" (NdisWan) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ndiswan.sys File signed by Microsoft
||||   "Remote Access PPPOE Driver" (RasPppoe) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\raspppoe.sys File signed by Microsoft
||||   "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File found, but can't get any details | File signed by Microsoft
||||   "Serenum Filter Driver" (serenum) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\serenum.sys File signed by Microsoft
||||   "Serial port driver" (Serial) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\serial.sys File signed by Microsoft
||||   "Sfloppy" (Sfloppy) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Sfloppy.sys File signed by Microsoft
       "Simbad" (Simbad) C:\WINDOWS\system32\drivers\Simbad.sys File not found
||||   "Software Bus Driver" (swenum) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\swenum.sys File signed by Microsoft
       "Sparrow" (Sparrow) C:\WINDOWS\system32\drivers\Sparrow.sys File not found
||||   "Srv" (Srv) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\srv.sys File signed by Microsoft
||||   "Standard IDE/ESDI Hard Disk Controller" (atapi) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\atapi.sys File signed by Microsoft
||||   "System Restore Filter Driver" (sr) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\sr.sys File signed by Microsoft
||||   "TCP/IP Protocol Driver" (Tcpip) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\tcpip.sys File signed by Microsoft
||||   "TDPIPE" (TDPIPE) "Microsoft Corporation" C:\WINDOWS\system32\drivers\TDPIPE.sys File signed by Microsoft
||||   "TDTCP" (TDTCP) "Microsoft Corporation" C:\WINDOWS\system32\drivers\TDTCP.sys File signed by Microsoft
||||   "Terminal Device Driver" (TermDD) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\termdd.sys File signed by Microsoft
       "TosIde" (TosIde) C:\WINDOWS\system32\drivers\TosIde.sys File not found
||||   "Udfs" (Udfs) "Microsoft Corporation" C:\WINDOWS\system32\drivers\Udfs.sys File signed by Microsoft
||||   "UnlockerDriver5" (UnlockerDriver5) j:\Program Files\Unlocker\UnlockerDriver5.sys File found, but can't get any details
||||   "VMware Ethernet Adapter Driver" (vmxnet) "VMware, Inc." C:\WINDOWS\System32\DRIVERS\vmxnet.sys File signed by Microsoft
||||   "VMware Pointing Device" (vmmouse) "VMware, Inc." C:\WINDOWS\System32\DRIVERS\vmmouse.sys File signed by Microsoft
||||   "VMware server memory controller" (VMMEMCTL) "VMware, Inc." C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys File exists
||||   "VgaSave" (VgaSave) "Microsoft Corporation" C:\WINDOWS\System32\drivers\vga.sys File signed by Microsoft
       "ViaIde" (ViaIde) C:\WINDOWS\system32\drivers\ViaIde.sys File not found
||||   "VolSnap" (VolSnap) "Microsoft Corporation" C:\WINDOWS\system32\drivers\VolSnap.sys File signed by Microsoft
||||   "Volume Manager Driver" (Ftdisk) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\ftdisk.sys File signed by Microsoft
||||   "WAN Miniport (L2TP)" (Rasl2tp) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\rasl2tp.sys File signed by Microsoft
||||   "WAN Miniport (PPTP)" (PptpMiniport) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\raspptp.sys File signed by Microsoft
       "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
||||   "WebDav Client Redirector" (MRxDAV) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\mrxdav.sys File signed by Microsoft
||||   "Windows Socket 2.0 Non-IFS Service Provider Support Environment" (WS2IFSL) "Microsoft Corporation" C:\WINDOWS\System32\drivers\ws2ifsl.sys File signed by Microsoft
       "abp480n5" (abp480n5) C:\WINDOWS\system32\drivers\abp480n5.sys File not found
       "adpu160m" (adpu160m) C:\WINDOWS\system32\drivers\adpu160m.sys File not found
       "aic78u2" (aic78u2) C:\WINDOWS\system32\drivers\aic78u2.sys File not found
       "aic78xx" (aic78xx) C:\WINDOWS\system32\drivers\aic78xx.sys File not found
       "amsint" (amsint) C:\WINDOWS\system32\drivers\amsint.sys File not found
       "apf1n66v" (apf1n66v) C:\WINDOWS\system32\drivers\apf1n66v.sys Hidden registry record, rootkit activity | File not found
       "asc" (asc) C:\WINDOWS\system32\drivers\asc.sys File not found
       "asc3350p" (asc3350p) C:\WINDOWS\system32\drivers\asc3350p.sys File not found
       "asc3550" (asc3550) C:\WINDOWS\system32\drivers\asc3550.sys File not found
||||   "cbidf2k" (cbidf2k) "Microsoft Corporation" C:\WINDOWS\system32\drivers\cbidf2k.sys File signed by Microsoft
       "cd20xrnt" (cd20xrnt) C:\WINDOWS\system32\drivers\cd20xrnt.sys File not found
||||   "d344bus" (d344bus) " " C:\WINDOWS\System32\DRIVERS\d344bus.sys File exists
||||   "d344prt" (d344prt) " " C:\WINDOWS\System32\Drivers\d344prt.sys File exists
       "dac2w2k" (dac2w2k) C:\WINDOWS\system32\drivers\dac2w2k.sys File not found
       "dac960nt" (dac960nt) C:\WINDOWS\system32\drivers\dac960nt.sys File not found
||||   "dmboot" (dmboot) "Microsoft Corp., Veritas Software" C:\WINDOWS\System32\drivers\dmboot.sys File signed by Microsoft
||||   "dmio" (dmio) "Microsoft Corp., Veritas Software" C:\WINDOWS\System32\drivers\dmio.sys File signed by Microsoft
||||   "dmload" (dmload) "Microsoft Corp., Veritas Software." C:\WINDOWS\System32\drivers\dmload.sys File signed by Microsoft
       "dpti2o" (dpti2o) C:\WINDOWS\system32\drivers\dpti2o.sys File not found
       "fsflt" (fsflt) C:\WINDOWS\System32\drivers\fsflt.sys File not found
||||   "hgfs" (hgfs) "VMware, Inc." C:\WINDOWS\System32\DRIVERS\hgfs.sys File exists
       "hpn" (hpn) C:\WINDOWS\system32\drivers\hpn.sys File not found
       "i2omp" (i2omp) C:\WINDOWS\system32\drivers\i2omp.sys File not found
||||   "i8042 Keyboard and PS/2 Mouse Port Driver" (i8042prt) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\i8042prt.sys File signed by Microsoft
       "ini910u" (ini910u) C:\WINDOWS\system32\drivers\ini910u.sys File not found
||||   "mnmdd" (mnmdd) "Microsoft Corporation" C:\WINDOWS\system32\drivers\mnmdd.sys File signed by Microsoft
       "mraid35x" (mraid35x) C:\WINDOWS\system32\drivers\mraid35x.sys File not found
       "perc2" (perc2) C:\WINDOWS\system32\drivers\perc2.sys File not found
       "perc2hib" (perc2hib) C:\WINDOWS\system32\drivers\perc2hib.sys File not found
       "ql1080" (ql1080) C:\WINDOWS\system32\drivers\ql1080.sys File not found
       "ql12160" (ql12160) C:\WINDOWS\system32\drivers\ql12160.sys File not found
       "ql1240" (ql1240) C:\WINDOWS\system32\drivers\ql1240.sys File not found
       "ql1280" (ql1280) C:\WINDOWS\system32\drivers\ql1280.sys File not found
       "runXP" (runXP) C:\WINDOWS\system32\drivers\runXP.sys Hidden registry record, rootkit activity | File not found
       "sptd" (sptd) C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
       "sym_hi" (sym_hi) C:\WINDOWS\system32\drivers\sym_hi.sys File not found
       "sym_u3" (sym_u3) C:\WINDOWS\system32\drivers\sym_u3.sys File not found
       "symavc32" (symavc32) C:\WINDOWS\system32\drivers\symavc32.sys Hidden registry record, rootkit activity | File not found
       "symc810" (symc810) C:\WINDOWS\system32\drivers\symc810.sys File not found
       "symc8xx" (symc8xx) C:\WINDOWS\system32\drivers\symc8xx.sys File not found
       "ultra" (ultra) C:\WINDOWS\system32\drivers\ultra.sys File not found
||||   "vmscsi" (vmscsi) "VMware, Inc." C:\WINDOWS\System32\DRIVERS\vmscsi.sys File signed by Microsoft
||||   "vmx_svga" (vmx_svga) "VMware, Inc." C:\WINDOWS\System32\DRIVERS\vmx_svga.sys File signed by Microsoft
       "HackerDefenderDrv100" (HackerDefenderDrv100) C:\hxdefdrv.sys Hidden registry record, rootkit activity | File found, but can't get any details
Explorer
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\Software\Classes\Folder\shellex\ColumnHandlers
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
       "(0) My Current Home Page" About:Home System default value
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
||||   Installed Components "Address Book 6" "Microsoft Corporation" "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install File signed by Microsoft
||||   Installed Components "Browser Customizations" "Microsoft Corporation" RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP File signed by Microsoft
||||   Installed Components "Internet Explorer" "Microsoft Corporation" %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE File signed by Microsoft
||||   Installed Components "Internet Explorer 6" "Microsoft Corporation" %SystemRoot%\system32\ie4uinit.exe File signed by Microsoft
||||   Installed Components "Microsoft Outlook Express 6" "Microsoft Corporation" "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install File signed by Microsoft
||||   Installed Components "Microsoft Windows Media Player" "Microsoft Corporation" C:\WINDOWS\inf\unregmp2.exe /ShowWMP File signed by Microsoft
||||   Installed Components "Microsoft Windows Media Player 6.4" "Microsoft Corporation" rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT File signed by Microsoft
||||   Installed Components "Microsoft Windows Media Player 8" "Microsoft Corporation" rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub File signed by Microsoft
||||   Installed Components "NetMeeting 3.01" "Microsoft Corporation" rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT File signed by Microsoft
||||   Installed Components "Outlook Express" "Microsoft Corporation" %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE File signed by Microsoft
||||   Installed Components "StubPath" "Microsoft Corporation" "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser File signed by Microsoft
||||   Installed Components "StubPath" "Microsoft Corporation" C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install File exists
||||   Installed Components "Themes Setup" "Microsoft Corporation" %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll File signed by Microsoft
||||   Installed Components "Windows Desktop Update" "Microsoft Corporation" regsvr32.exe /s /n /i:U shell32.dll File signed by Microsoft
||||   Installed Components "Windows Messenger" "Microsoft Corporation" rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser File signed by Microsoft
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
||||   {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
||||   {0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
HKLM\Software\Classes\Protocols\Filter
||||   {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {8f6b0360-b80d-11d0-a9b3-006097942311} "AP lzdhtml encoding/decoding Filter" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\System32\mscoree.dll File exists
||||   {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\System32\mscoree.dll File exists
||||   {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\System32\mscoree.dll File exists
||||   {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
||||   {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} "AsyncPProt Class" "Microsoft Corporation" C:\WINDOWS\System32\msdxm.ocx File signed by Microsoft
||||   {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\msvidctl.dll File signed by Microsoft
||||   {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
||||   {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
||||   {05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\System32\inetcomm.dll File signed by Microsoft
       {03B7A5D4-96B0-4316-95F8-072D326A58F1} "MLFPHandler Class" ielpview.dll File not found
||||   {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\mshtml.dll File signed by Microsoft
||||   {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" "Microsoft Corporation" C:\WINDOWS\System32\itss.dll File signed by Microsoft
||||   {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" "Microsoft Corporation" C:\WINDOWS\System32\itss.dll File signed by Microsoft
||||   {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\System32\msvidctl.dll File signed by Microsoft
       {E4CB5121-E242-11D4-8ED6-00010219EB22} "VFSP Class" VFSProtocol.dll File not found
||||   {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" "Microsoft Corporation" C:\WINDOWS\System32\wiascr.dll File signed by Microsoft
||||   {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
||||   {438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
||||   {A5949E07-8536-4625-A3D0-2DD83F559990} "ShHook Class" "Mercury Interactive Corp." C:\WINDOWS\System32\ShellHook.dll File exists
||||   {AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" "Microsoft Corporation" C:\WINDOWS\System32\shell32.dll File signed by Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
||||   {01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Address" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" "Microsoft Corporation" C:\WINDOWS\System32\occache.dll File signed by Microsoft
||||   {E0E11A09-5CB8-4B6C-8332-E00720A168F2} "Address Bar Parser" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {D20EA4E1-3957-11d2-A40B-0C5020524153} "Administrative Tools" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" "Microsoft Corporation" C:\WINDOWS\System32\wuaueng.dll File signed by Microsoft
||||   {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {85BBD920-42A0-1069-A2E4-08002B30309D} "Briefcase" "Microsoft Corporation" C:\WINDOWS\System32\syncui.dll File signed by Microsoft
||||   {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Cabinet File" "Microsoft Corporation" C:\WINDOWS\System32\cabview.dll File signed by Microsoft
||||   {f39a0dc0-9cc8-11d0-a599-00c04fd64433} "Channel" "Microsoft Corporation" C:\WINDOWS\System32\cdfview.dll File signed by Microsoft
||||   {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} "Channel Handler Object" "Microsoft Corporation" C:\WINDOWS\System32\cdfview.dll File signed by Microsoft
||||   {f3da0dc0-9cc8-11d0-a599-00c04fd64437} "Channel Menu Handler Object" "Microsoft Corporation" C:\WINDOWS\System32\cdfview.dll File signed by Microsoft
||||   {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} "Channel Shortcut" "Microsoft Corporation" C:\WINDOWS\System32\cdfview.dll File signed by Microsoft
||||   {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} "Channel Shortcut Property Pages" "Microsoft Corporation" C:\WINDOWS\System32\cdfview.dll File signed by Microsoft
||||   {7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Compatibility Page" "Microsoft Corporation" C:\WINDOWS\System32\SlayerXP.dll File signed by Microsoft
||||   {BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File signed by Microsoft
||||   {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File signed by Microsoft
||||   {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" "Microsoft Corporation" C:\WINDOWS\System32\zipfldr.dll File signed by Microsoft
||||   {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" "Microsoft Corporation" C:\WINDOWS\system32\cryptext.dll File signed by Microsoft
||||   {7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" "Microsoft Corporation" C:\WINDOWS\system32\cryptext.dll File signed by Microsoft
||||   {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File signed by Microsoft
||||   {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" "Microsoft Corporation" C:\WINDOWS\System32\dfsshlex.dll File signed by Microsoft
||||   {11359F4A-B191-42D7-905A-594F8CF0387B} "Dictionary.com" "www.typeless.com" C:\WINDOWS\Downloaded Program Files\lexbar.dll File exists
||||   {62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" "Microsoft Corporation" C:\WINDOWS\System32\dsuiext.dll File signed by Microsoft
||||   {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" "Microsoft Corporation" C:\WINDOWS\System32\dsquery.dll File signed by Microsoft
||||   {0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" "Microsoft Corporation" C:\WINDOWS\System32\dsuiext.dll File signed by Microsoft
||||   {8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" "Microsoft Corporation" C:\WINDOWS\System32\dsquery.dll File signed by Microsoft
||||   {F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" "Microsoft Corporation" C:\WINDOWS\System32\dsquery.dll File signed by Microsoft
||||   {59099400-57FF-11CE-BD94-0020AF85B590} "Disk Copy Extension" "Microsoft Corporation" C:\WINDOWS\System32\diskcopy.dll File signed by Microsoft
||||   {42071712-76d4-11d1-8b24-00a0c9068ff3} "Display Adapter CPL Extension" "Microsoft Corporation" C:\WINDOWS\System32\deskadp.dll File signed by Microsoft
||||   {42071713-76d4-11d1-8b24-00a0c9068ff3} "Display Monitor CPL Extension" "Microsoft Corporation" C:\WINDOWS\System32\deskmon.dll File signed by Microsoft
||||   {f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" "Microsoft Corporation" C:\WINDOWS\System32\deskperf.dll File signed by Microsoft
||||   {22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {60fd46de-f830-4894-a628-6fa81bc0190d} "DropTarget Object for Photo Printing Wizard" "Microsoft Corporation" C:\WINDOWS\System32\photowiz.dll File signed by Microsoft
||||   {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-mail" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} "EmEditor" C:\Program Files\EmEditor\emedshl.dll File found, but can't get any details
       {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" COM-object registry key not found
||||   {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" "Microsoft Corporation" C:\WINDOWS\System32\mmcshext.dll File signed by Microsoft
||||   {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {BD84B380-8CA2-1069-AB1D-08000948F534} "Fonts" "Microsoft Corporation" C:\WINDOWS\System32\fontext.dll File signed by Microsoft
||||   {D20EA4E1-3957-11d2-A40B-0C5020524152} "Fonts" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {32714800-2E5F-11d0-8B85-00AA0044F941} "For &People..." "Microsoft Corporation" C:\Program Files\Outlook Express\wabfind.dll File signed by Microsoft
||||   {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
||||   {3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ file thumbnail extractor" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {58f1f272-9240-4f51-b6d4-fd63d1618591} "Get a Passport Wizard" "Microsoft Corporation" C:\WINDOWS\System32\netplwiz.dll File signed by Microsoft
||||   {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML Thumbnail Extractor" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Help and Support" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {FF393560-C2A7-11CF-BFF4-444553540000} "History" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" "Hilgraeve, Inc." C:\WINDOWS\System32\hticons.dll File signed by Microsoft
||||   {DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC Profile" "Microsoft Corporation" C:\WINDOWS\system32\icmui.dll File signed by Microsoft
||||   {5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM Monitor Management" "Microsoft Corporation" C:\WINDOWS\System32\icmui.dll File signed by Microsoft
||||   {675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM Printer Management" "Microsoft Corporation" C:\WINDOWS\system32\icmui.dll File signed by Microsoft
||||   {176d6597-26d3-11d1-b350-080036a75b03} "ICM Scanner Management" "Microsoft Corporation" C:\WINDOWS\System32\icmui.dll File signed by Microsoft
||||   {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite Splash Screen" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File signed by Microsoft
||||   {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" "Microsoft Corporation" C:\WINDOWS\msagent\agentpsh.dll File signed by Microsoft
||||   {00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" "Microsoft Corporation" C:\WINDOWS\System32\dskquoui.dll File signed by Microsoft
||||   {6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" "Microsoft Corporation" C:\WINDOWS\System32\docprop2.dll File signed by Microsoft
||||   {63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" "Microsoft Corporation" C:\WINDOWS\System32\msieftp.dll File signed by Microsoft
||||   {00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" "Microsoft Corporation" C:\Program Files\Common Files\System\Ole DB\oledb32.dll File signed by Microsoft
||||   {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\OFFICE11\msohev.dll File exists
||||   {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
||||   {03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {00022613-0000-0000-C000-000000000046} "Multimedia File Property Sheet" "Microsoft Corporation" C:\WINDOWS\System32\mmsys.cpl File signed by Microsoft
       {764BF0E1-F219-11ce-972D-00AA00A14F56} "Multimedia File Property Sheet" COM-object registry key not found
||||   {ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File signed by Microsoft
||||   {ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File signed by Microsoft
||||   {4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" "Microsoft Corporation" C:\WINDOWS\System32\mydocs.dll File signed by Microsoft
||||   {7007ACC7-3202-11D1-AAD2-00805FC1270E} "Network Connections" "Microsoft Corporation" C:\WINDOWS\system32\NETSHELL.dll File signed by Microsoft
||||   {992CFFA0-F557-101A-88EC-00DD010CCC48} "Network Connections" "Microsoft Corporation" C:\WINDOWS\system32\NETSHELL.dll File signed by Microsoft
||||   {3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE Docfile Property Page" "Microsoft Corporation" C:\WINDOWS\System32\docprop.dll File signed by Microsoft
||||   {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Offline Files Folder" "Microsoft Corporation" C:\WINDOWS\System32\cscui.dll File signed by Microsoft
||||   {10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" "Microsoft Corporation" C:\WINDOWS\System32\cscui.dll File signed by Microsoft
||||   {750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" "Microsoft Corporation" C:\WINDOWS\System32\cscui.dll File signed by Microsoft
||||   {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
||||   {41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL Extension" "Microsoft Corporation" C:\WINDOWS\System32\themeui.dll File signed by Microsoft
||||   {D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {add36aa8-751a-4579-a266-d66f5202ccbb} "Print Ordering via the Web" "Microsoft Corporation" C:\WINDOWS\System32\netplwiz.dll File signed by Microsoft
||||   {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." J:\Program Files\Real\RealPlayer\rpshell.dll File exists
||||   {AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" "Microsoft Corporation" C:\WINDOWS\System32\remotepg.dll File signed by Microsoft
||||   {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Run..." "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanners & Cameras" "Microsoft Corporation" C:\WINDOWS\System32\wiashext.dll File signed by Microsoft
||||   {83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanners & Cameras" "Microsoft Corporation" C:\WINDOWS\System32\wiashext.dll File signed by Microsoft
||||   {905667aa-acd6-11d2-8080-00805f6596d2} "Scanners & Cameras" "Microsoft Corporation" C:\WINDOWS\System32\wiashext.dll File signed by Microsoft
||||   {E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanners & Cameras" "Microsoft Corporation" C:\WINDOWS\System32\wiashext.dll File signed by Microsoft
||||   {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanners & Cameras" "Microsoft Corporation" C:\WINDOWS\System32\wiashext.dll File signed by Microsoft
||||   {D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Scheduled Tasks" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File signed by Microsoft
||||   {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File signed by Microsoft
||||   {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" "Microsoft Corporation" C:\WINDOWS\System32\mstask.dll File signed by Microsoft
||||   {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Search" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {30D02401-6A81-11d0-8274-00C04FD5AE38} "Search Band" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {1F2E5C40-9550-11CE-99D2-00AA006E086C} "Security Shell Extension" "Microsoft Corporation" C:\WINDOWS\System32\rshx32.dll File signed by Microsoft
||||   {4E40F770-369C-11d0-8922-00A024AB2DBB} "Security Shell Extension" "Microsoft Corporation" C:\WINDOWS\System32\dssec.dll File signed by Microsoft
||||   {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Security Shell Extension" "Microsoft Corporation" C:\WINDOWS\System32\rshx32.dll File signed by Microsoft
||||   {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" "Microsoft Corporation" C:\WINDOWS\System32\sendmail.dll File signed by Microsoft
||||   {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" "Microsoft Corporation" C:\WINDOWS\System32\sendmail.dll File signed by Microsoft
||||   {352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" "Microsoft Corporation" C:\WINDOWS\System32\appwiz.cpl File signed by Microsoft
||||   {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" "Microsoft Corporation" C:\WINDOWS\System32\wshext.dll File signed by Microsoft
||||   {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shell Publishing Wizard Object" "Microsoft Corporation" C:\WINDOWS\System32\netplwiz.dll File signed by Microsoft
||||   {ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {56117100-C0CD-101B-81E2-00AA004AE837} "Shell Scrap DataHandler" "Microsoft Corporation" C:\WINDOWS\System32\shscrap.dll File signed by Microsoft
||||   {59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shell extensions for Microsoft Windows Network objects" "Microsoft Corporation" C:\WINDOWS\System32\ntlanui2.dll File signed by Microsoft
||||   {40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shell extensions for sharing" "Microsoft Corporation" C:\WINDOWS\System32\ntshrui.dll File signed by Microsoft
||||   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shell extensions for sharing" "Microsoft Corporation" C:\WINDOWS\System32\ntshrui.dll File signed by Microsoft
||||   {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" "Microsoft Corporation" C:\WINDOWS\System32\dsquery.dll File signed by Microsoft
||||   {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" "TechSmith Corporation" J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll File exists
||||   {CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" "TechSmith Corporation" J:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll File exists
||||   {F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Summary Info Thumbnail handler (DOCFILES)" "Microsoft Corporation" C:\WINDOWS\system32\shimgvw.dll File signed by Microsoft
||||   {0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskbar and Start Menu" "Microsoft Corporation" C:\WINDOWS\System32\shell32.dll File signed by Microsoft
||||   {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" j:\Program Files\Unlocker\UnlockerCOM.dll File found, but can't get any details
||||   {7A9D77BD-5403-11d2-8785-2E0420524153} "User Accounts" "Microsoft Corporation" C:\WINDOWS\System32\netplwiz.dll File signed by Microsoft
||||   {DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\System32\wmpshell.dll File signed by Microsoft
||||   {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" "Microsoft Corporation" C:\WINDOWS\System32\wmpshell.dll File signed by Microsoft
||||   {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\System32\wmpshell.dll File signed by Microsoft
||||   {E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" "Microsoft Corporation" C:\WINDOWS\System32\shmedia.dll File signed by Microsoft
||||   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
||||   {77597368-7b15-11d0-a0c2-080036af3f03} "Web Printer Shell Extension" "Microsoft Corporation" C:\WINDOWS\System32\printui.dll File signed by Microsoft
||||   {CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Web Publishing Wizard" "Microsoft Corporation" C:\WINDOWS\System32\netplwiz.dll File signed by Microsoft
||||   {07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
||||   {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but can't get any details
||||   {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows Security" "Microsoft Corporation" C:\WINDOWS\system32\shdocvw.dll File signed by Microsoft
||||   {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Computer, Inc." J:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
||||   {7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" "Microsoft Corporation" C:\WINDOWS\System32\stobject.dll File signed by Microsoft
||||   {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" "Microsoft Corporation" C:\WINDOWS\System32\webcheck.dll File signed by Microsoft
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
||||   {4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tip of the Day" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {EFA24E61-B078-11D0-89E4-00C04FC9E26E} "Favorites Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
||||   {EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
||||   {32683183-48A0-441B-A342-7C2A440A9478} "Media Band" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   {30D02401-6A81-11D0-8274-00C04FD5AE38} "Search Band" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
||||   "&Address" "Microsoft Corporation" C:\WINDOWS\System32\browseui.dll File signed by Microsoft
||||   "&Google" "Google Inc." c:\program files\google\googletoolbar1.dll File exists
||||   "&Links" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File signed by Microsoft
       "ITBar7Layout" COM-object registry key not found
       "ITBarLayout" COM-object registry key not found
|||||| "My Web Search" "MyWebSearch.com" C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File exists
|||||| "QuickSearch SearchBar" C:\Program Files\QuickSearch\QuickSearchBar3_30.dll File exists
       "{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" COM-object registry key not found
||||   "Спутник@Mail.Ru" "@Mail.Ru" C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
||||   {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" "Microsoft Corporation" C:\WINDOWS\System32\shdocvw.dll File signed by Microsoft
|||||| {00A6FAF6-072E-44cf-8957-5838F569A31D} "{00A6FAF6-072E-44cf-8957-5838F569A31D}" "MyWebSearch.com" C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL File exists
||||   {09900DE8-1DCA-443F-9243-26FF581438AF} "Спутник@Mail.Ru" "@Mail.Ru" C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
||||   {0470E62C-C97E-4317-81E5-0774D8CBF7B7} "EndPointScan Class" http://www.endpointscan.com/EndPointScan.cab "GFI Software Ltd." C:\WINDOWS\Downloaded Program Files\EPS.dll File exists
||||   {90C9629E-CD32-11D3-BBFB-00105A1F0D68} "InstallShield International Setup Player" http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab "InstallShield Software Corporation" c:\windows\DOWNLO~1\isetup.dll File exists
       Microsoft XML Parser for Java "Microsoft XML Parser for Java" file://C:\WINDOWS\Java\classes\xmldso.cab COM-object registry key not found
||||   {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab "Symantec Corporation" C:\WINDOWS\Downloaded Program Files\rufsi.dll File exists
       {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}" http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.15-3.cab COM-object registry key not found
       {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
||||   "Mail.Ru Агент" "Mail.Ru" C:\Program Files\Mail.Ru\Agent\magent.exe File exists
||||   {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
||||   "&Google" "Google Inc." c:\program files\google\googletoolbar1.dll File exists
|||||| {07B18EA9-A523-4961-B6BB-170DE4475CCA} "My Web Search" "MyWebSearch.com" C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File exists
|||||| "QuickSearch SearchBar" C:\Program Files\QuickSearch\QuickSearchBar3_30.dll File exists
||||   {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" "TechSmith Corporation" J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll File exists
||||   {09900DE8-1DCA-443F-9243-26FF581438AF} "Спутник@Mail.Ru" "@Mail.Ru" C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
||||   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
||||   {474264BC-9571-47C1-85B9-780F756DC9CE} "BHOManager Class" "Mercury Interactive Corp." C:\WINDOWS\System32\BHOManager.dll File exists
||||   {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." c:\program files\google\googletoolbar1.dll File exists
||||   {00C6482D-C502-44C8-8409-FCE54AD9C208} "HelperObject Class" "TechSmith Corporation" J:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll File exists
||||   {8984B388-A5BB-4DF7-B274-77B879E179DB} "MailRuBHO Class" "@Mail.Ru" C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File exists
|||||| {00A6FAF1-072E-44cf-8957-5838F569A31D} "MyWebSearch Search Assistant BHO" "MyWebSearch.com" C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL File exists
|||||| {82315A18-6CFB-44a7-BDFD-90E36537C252} "QuickSearch SearchBar" C:\Program Files\QuickSearch\QuickSearchBar3_30.dll File exists
|||||| {07B18EA1-A523-4961-B6BB-170DE4475CCA} "mwsBar BHO" "MyWebSearch.com" C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File exists
Known DLLs
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
||||   "advapi32" "Microsoft Corporation" C:\WINDOWS\system32\advapi32.dll File signed by Microsoft
||||   "comdlg32" "Microsoft Corporation" C:\WINDOWS\system32\comdlg32.dll File signed by Microsoft
||||   "gdi32" "Microsoft Corporation" C:\WINDOWS\system32\gdi32.dll File signed by Microsoft
||||   "imagehlp" "Microsoft Corporation" C:\WINDOWS\system32\imagehlp.dll File signed by Microsoft
||||   "kernel32" "Microsoft Corporation" C:\WINDOWS\system32\kernel32.dll File signed by Microsoft
||||   "lz32" "Microsoft Corporation" C:\WINDOWS\system32\lz32.dll File signed by Microsoft
||||   "ole32" "Microsoft Corporation" C:\WINDOWS\system32\ole32.dll File signed by Microsoft
||||   "olecli32" "Microsoft Corporation" C:\WINDOWS\system32\olecli32.dll File signed by Microsoft
||||   "olecnv32" "Microsoft Corporation" C:\WINDOWS\system32\olecnv32.dll File signed by Microsoft
||||   "olesvr32" "Microsoft Corporation" C:\WINDOWS\system32\olesvr32.dll File signed by Microsoft
||||   "olethk32" "Microsoft Corporation" C:\WINDOWS\system32\olethk32.dll File signed by Microsoft
||||   "rpcrt4" "Microsoft Corporation" C:\WINDOWS\system32\rpcrt4.dll File signed by Microsoft
||||   "shell32" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File signed by Microsoft
||||   "url" "Microsoft Corporation" C:\WINDOWS\system32\url.dll File signed by Microsoft
||||   "urlmon" "Microsoft Corporation" C:\WINDOWS\system32\urlmon.dll File signed by Microsoft
||||   "user32" "Microsoft Corporation" C:\WINDOWS\system32\user32.dll File signed by Microsoft
||||   "version" "Microsoft Corporation" C:\WINDOWS\system32\version.dll File signed by Microsoft
||||   "wininet" "Microsoft Corporation" C:\WINDOWS\system32\wininet.dll File signed by Microsoft
||||   "wldap32" "Microsoft Corporation" C:\WINDOWS\system32\wldap32.dll File signed by Microsoft
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
||||   "Authentication packages" "Microsoft Corporation" C:\WINDOWS\System32\msv1_0.dll File signed by Microsoft
||||   "Notification packages" "Microsoft Corporation" C:\WINDOWS\System32\scecli.dll File signed by Microsoft
||||   "Security Packages" "Microsoft Corporation" C:\WINDOWS\System32\kerberos.dll File signed by Microsoft
||||   "Security Packages" "Microsoft Corporation" C:\WINDOWS\System32\msv1_0.dll File signed by Microsoft
||||   "Security Packages" "Microsoft Corporation" C:\WINDOWS\System32\schannel.dll File signed by Microsoft
||||   "Security Packages" "Microsoft Corporation" C:\WINDOWS\System32\wdigest.dll File signed by Microsoft
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
||||   "SecurityProviders" "Microsoft Corporation" C:\WINDOWS\System32\msapsspc.dll File signed by Microsoft
||||   "SecurityProviders" "Microsoft Corporation" C:\WINDOWS\System32\schannel.dll File signed by Microsoft
||||   "SecurityProviders" "Microsoft Corporation" C:\WINDOWS\System32\digest.dll File signed by Microsoft
||||   "SecurityProviders" "Microsoft Corporation" C:\WINDOWS\System32\msnsspc.dll File signed by Microsoft
Logon
%AllUsersProfile%\Start Menu\Programs\Startup
||||   "Adobe Reader Speed Launch.lnk" "Adobe Systems Incorporated" C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe Shortcut exists | File exists
||||   "Adobe Reader Synchronizer.lnk" "Adobe Systems Incorporated" C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe Shortcut exists | File exists
||||   "HyperSnap-DX 5" "Hyperionics Technology LLC" J:\HyperSnap-DX\HyperSnap-DX\HyperSnap-DX\HprSnap5.exe Shortcut exists | File exists
||||   "SnagIt 8.lnk" "TechSmith Corporation" J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe Shortcut exists | File exists
%UserProfile%\Start Menu\Programs\Startup
||||   "desktop.ini" C:\Documents and Settings\test\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
||||   "MSMSGS" "Microsoft Corporation" "C:\Program Files\Messenger\msmsgs.exe" /background File signed by Microsoft
|||||| "MyWebSearch Email Plugin" "MyWebSearch.com" C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File exists
|||||| "MyWebSearch Plugin" "MyWebSearch.com" rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF File exists
||||   "ctfmon.exe" "Microsoft Corporation" C:\WINDOWS\System32\ctfmon.exe File signed by Microsoft
||||   "swg" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
||||   "Shell" "Microsoft Corporation" C:\WINDOWS\Explorer.exe File signed by Microsoft
||||   "Userinit" "Microsoft Corporation" C:\WINDOWS\SYSTEM32\Userinit.exe File signed by Microsoft
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
||||   "StartupPrograms" "Microsoft Corporation" C:\WINDOWS\System32\rdpclip.exe File signed by Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
||||   "DAEMON Tools Status" "VMware, Inc." C:\Program Files\VMware\VMware Tools\VMwareTray.exe File exists
||||   "DAEMON Tools-1033" "DAEMON'S HOME" "C:\Program Files\D-Tools\daemon.exe" -lang 1033 File exists
||||   "JeticoPFStartup" "Jetico, Inc." "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" File exists
||||   "KernelFaultCheck" "Microsoft Corporation" %systemroot%\system32\dumprep 0 -k File signed by Microsoft
||||   "MAgent" "Mail.Ru" C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM File exists
|||||| "My Web Search Bar" "MyWebSearch.com" rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S File exists
||||   "QuickTime Task" "Apple Computer, Inc." "J:\Program Files\QuickTime\qttask.exe" -atboottime File exists
||||   "TkBellExe" "RealNetworks, Inc." "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File exists
||||   "UnlockerAssistant" "J:\Program Files\Unlocker\UnlockerAssistant.exe" File found, but can't get any details
||||   "VMware Tools" "VMware, Inc." C:\Program Files\VMware\VMware Tools\VMwareTray.exe File exists
||||   "VMware User Process" "VMware, Inc." C:\Program Files\VMware\VMware Tools\VMwareUser.exe File exists
||||   "iTunesHelper" "Apple Computer, Inc." "J:\Program Files\iTunes\iTunesHelper.exe" File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
||||   "Microsoft Terminal Services" "Microsoft Corporation" C:\WINDOWS\System32\drprov.dll File signed by Microsoft
||||   "Microsoft Windows Network" "Microsoft Corporation" C:\WINDOWS\System32\ntlanman.dll File signed by Microsoft
||||   "VMware Shared Folders" "VMware, Inc." C:\WINDOWS\System32\hgfs.dll File exists
||||   "Web Client Network" "Microsoft Corporation" C:\WINDOWS\System32\davclnt.dll File signed by Microsoft
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Services
HKLM\SYSTEM\CurrentControlSet\Services
||||   "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe File exists
||||   "Application Layer Gateway Service" (ALG) "Microsoft Corporation" C:\WINDOWS\System32\alg.exe File signed by Microsoft
||||   "Automatic Updates" (wuauserv) "Microsoft Corporation" C:\WINDOWS\System32\wuauserv.dll File signed by Microsoft
||||   "Background Intelligent Transfer Service" (BITS) "Microsoft Corporation" C:\WINDOWS\System32\qmgr.dll File signed by Microsoft
||||   "Bonjour Service" (Bonjour Service) "Apple Computer, Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
||||   "COM+ Event System" (EventSystem) "Microsoft Corporation" C:\WINDOWS\System32\es.dll File signed by Microsoft
||||   "COM+ System Application" (COMSysApp) "Microsoft Corporation" C:\WINDOWS\System32\dllhost.exe File signed by Microsoft
||||   "ClipBook" (ClipSrv) "Microsoft Corporation" C:\WINDOWS\system32\clipsrv.exe File signed by Microsoft
||||   "Computer Browser" (Browser) "Microsoft Corporation" C:\WINDOWS\System32\browser.dll File signed by Microsoft
||||   "Cryptographic Services" (CryptSvc) "Microsoft Corporation" C:\WINDOWS\System32\cryptsvc.dll File signed by Microsoft
||||   "DHCP Client" (Dhcp) "Microsoft Corporation" C:\WINDOWS\System32\dhcpcsvc.dll File signed by Microsoft
||||   "DNS Client" (Dnscache) "Microsoft Corporation" C:\WINDOWS\System32\dnsrslvr.dll File signed by Microsoft
||||   "Distributed Link Tracking Client" (TrkWks) "Microsoft Corporation" C:\WINDOWS\system32\trkwks.dll File signed by Microsoft
||||   "Distributed Transaction Coordinator" (MSDTC) "Microsoft Corporation" C:\WINDOWS\System32\msdtc.exe File signed by Microsoft
||||   "Error Reporting Service" (ERSvc) "Microsoft Corporation" C:\WINDOWS\System32\ersvc.dll File signed by Microsoft
||||   "Event Log" (Eventlog) "Microsoft Corporation" C:\WINDOWS\system32\services.exe File signed by Microsoft
||||   "Fast User Switching Compatibility" (FastUserSwitchingCompatibility) "Microsoft Corporation" C:\WINDOWS\System32\shsvcs.dll File signed by Microsoft
||||   "Google Updater Service" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
||||   "GoogleDesktopManager" (GoogleDesktopManager) "Google" C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File exists
|||||| "HXD Service 100" (HackerDefender100) C:\hxdef100.exe Hidden registry record, rootkit activity | File found, but can't get any details
||||   "Help and Support" (helpsvc) "Microsoft Corporation" C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll File signed by Microsoft
||||   "IMAPI CD-Burning COM Service" (ImapiService) "Microsoft Corporation" C:\WINDOWS\System32\imapi.exe File signed by Microsoft
||||   "IPSEC Services" (PolicyAgent) "Microsoft Corporation" C:\WINDOWS\System32\lsass.exe File signed by Microsoft
||||   "Indexing Service" (CiSvc) "Microsoft Corporation" C:\WINDOWS\system32\cisvc.exe File signed by Microsoft
||||   "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
||||   "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" (SharedAccess) "Microsoft Corporation" C:\WINDOWS\System32\ipnathlp.dll File signed by Microsoft
||||   "Logical Disk Manager" (dmserver) "Microsoft Corp." C:\WINDOWS\System32\dmserver.dll File signed by Microsoft
||||   "Logical Disk Manager Administrative Service" (dmadmin) "Microsoft Corp., Veritas Software" C:\WINDOWS\System32\dmadmin.exe File signed by Microsoft
||||   "MS Software Shadow Copy Provider" (SwPrv) "Microsoft Corporation" C:\WINDOWS\System32\dllhost.exe File signed by Microsoft
||||   "Messenger" (Messenger) "Microsoft Corporation" C:\WINDOWS\System32\msgsvc.dll File signed by Microsoft
|||||| "My Web Search Service" (MyWebSearchService) "MyWebSearch.com" C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe File exists
||||   "NT LM Security Support Provider" (NtLmSsp) "Microsoft Corporation" C:\WINDOWS\System32\lsass.exe File signed by Microsoft
||||   "Net Logon" (Netlogon) "Microsoft Corporation" C:\WINDOWS\System32\lsass.exe File signed by Microsoft
||||   "NetMeeting Remote Desktop Sharing" (mnmsrvc) "Microsoft Corporation" C:\WINDOWS\System32\mnmsrvc.exe File signed by Microsoft
||||   "Network Connections" (Netman) "Microsoft Corporation" C:\WINDOWS\System32\netman.dll File signed by Microsoft
||||   "Network DDE" (NetDDE) "Microsoft Corporation" C:\WINDOWS\system32\netdde.exe File signed by Microsoft
||||   "Network DDE DSDM" (NetDDEdsdm) "Microsoft Corporation" C:\WINDOWS\system32\netdde.exe File signed by Microsoft
||||   "Network Location Awareness (NLA)" (Nla) "Microsoft Corporation" C:\WINDOWS\System32\mswsock.dll File signed by Microsoft
||||   "OSPD Service" (ASService) "Online Solutions" C:\OSPD\ASService.exe File exists
||||   "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
||||   "Performance Logs and Alerts" (SysmonLog) "Microsoft Corporation" C:\WINDOWS\system32\smlogsvc.exe File signed by Microsoft
||||   "Plug and Play" (PlugPlay) "Microsoft Corporation" C:\WINDOWS\system32\services.exe File signed by Microsoft
||||   "Portable Media Serial Number" (WmdmPmSp) "Microsoft Corporation" C:\WINDOWS\System32\mspmspsv.dll File signed by Microsoft
||||   "Print Spooler" (Spooler) "Microsoft Corporation" C:\WINDOWS\system32\spoolsv.exe File signed by Microsoft
||||   "Protected Storage" (ProtectedStorage) "Microsoft Corporation" C:\WINDOWS\system32\lsass.exe File signed by Microsoft
||||   "QoS RSVP" (RSVP) "Microsoft Corporation" C:\WINDOWS\System32\rsvp.exe File signed by Microsoft
||||   "Remote Access Auto Connection Manager" (RasAuto) "Microsoft Corporation" C:\WINDOWS\System32\rasauto.dll File signed by Microsoft
||||   "Remote Access Connection Manager" (RasMan) "Microsoft Corporation" C:\WINDOWS\System32\rasmans.dll File signed by Microsoft
||||   "Remote Desktop Help Session Manager" (RDSessMgr) "Microsoft Corporation" C:\WINDOWS\system32\sessmgr.exe File signed by Microsoft
||||   "Remote Procedure Call (RPC)" (RpcSs) "Microsoft Corporation" C:\WINDOWS\system32\rpcss.dll File signed by Microsoft
||||   "Remote Procedure Call (RPC) Locator" (RpcLocator) "Microsoft Corporation" C:\WINDOWS\System32\locator.exe File signed by Microsoft
||||   "Removable Storage" (NtmsSvc) "Microsoft Corporation" C:\WINDOWS\system32\ntmssvc.dll File signed by Microsoft
||||   "Routing and Remote Access" (RemoteAccess) "Microsoft Corporation" C:\WINDOWS\System32\mprdim.dll File signed by Microsoft
||||   "SSDP Discovery Service" (SSDPSRV) "Microsoft Corporation" C:\WINDOWS\System32\ssdpsrv.dll File signed by Microsoft
||||   "Secondary Logon" (seclogon) "Microsoft Corporation" C:\WINDOWS\System32\seclogon.dll File signed by Microsoft
||||   "Security Accounts Manager" (SamSs) "Microsoft Corporation" C:\WINDOWS\system32\lsass.exe File signed by Microsoft
||||   "Server" (lanmanserver) "Microsoft Corporation" C:\WINDOWS\System32\srvsvc.dll File signed by Microsoft
||||   "Shell Hardware Detection" (ShellHWDetection) "Microsoft Corporation" C:\WINDOWS\System32\shsvcs.dll File signed by Microsoft
||||   "Smart Card" (SCardSvr) "Microsoft Corporation" C:\WINDOWS\System32\SCardSvr.exe File signed by Microsoft
||||   "Smart Card Helper" (SCardDrv) "Microsoft Corporation" C:\WINDOWS\System32\SCardSvr.exe File signed by Microsoft
||||   "System Event Notification" (SENS) "Microsoft Corporation" C:\WINDOWS\system32\sens.dll File signed by Microsoft
||||   "System Restore Service" (srservice) "Microsoft Corporation" C:\WINDOWS\System32\srsvc.dll File signed by Microsoft
||||   "TCP/IP NetBIOS Helper" (LmHosts) "Microsoft Corporation" C:\WINDOWS\System32\lmhsvc.dll File signed by Microsoft
||||   "TP AutoConnect Service" (TPAutoConnSvc) "ThinPrint GmbH" C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe File exists
||||   "Task Scheduler" (Schedule) "Microsoft Corporation" C:\WINDOWS\system32\schedsvc.dll File signed by Microsoft
||||   "Telephony" (TapiSrv) "Microsoft Corporation" C:\WINDOWS\System32\tapisrv.dll File signed by Microsoft
||||   "Terminal Services" (TermService) "Microsoft Corporation" C:\WINDOWS\System32\termsrv.dll File signed by Microsoft
||||   "Themes" (Themes) "Microsoft Corporation" C:\WINDOWS\System32\shsvcs.dll File signed by Microsoft
||||   "Uninterruptible Power Supply" (UPS) "Microsoft Corporation" C:\WINDOWS\System32\ups.exe File signed by Microsoft
||||   "Universal Plug and Play Device Host" (upnphost) "Microsoft Corporation" C:\WINDOWS\System32\upnphost.dll File signed by Microsoft
||||   "Upload Manager" (uploadmgr) "Microsoft Corporation" C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll File signed by Microsoft
||||   "VMware Tools Service" (VMTools) "VMware, Inc." C:\Program Files\VMware\VMware Tools\VMwareService.exe File exists
||||   "Volume Shadow Copy" (VSS) "Microsoft Corporation" C:\WINDOWS\System32\vssvc.exe File signed by Microsoft
||||   "WMI Performance Adapter" (WmiApSrv) "Microsoft Corporation" C:\WINDOWS\System32\wbem\wmiapsrv.exe File signed by Microsoft
||||   "WebClient" (WebClient) "Microsoft Corporation" C:\WINDOWS\System32\webclnt.dll File signed by Microsoft
||||   "Windows Audio" (AudioSrv) "Microsoft Corporation" C:\WINDOWS\System32\audiosrv.dll File signed by Microsoft
||||   "Windows Image Acquisition (WIA)" (stisvc) "Microsoft Corporation" C:\WINDOWS\system32\wiaservc.dll File signed by Microsoft
||||   "Windows Installer" (MSIServer) "Microsoft Corporation" C:\WINDOWS\System32\msiexec.exe File signed by Microsoft
||||   "Windows Management Instrumentation" (winmgmt) "Microsoft Corporation" C:\WINDOWS\system32\wbem\WMIsvc.dll File signed by Microsoft
||||   "Windows Time" (W32Time) "Microsoft Corporation" C:\WINDOWS\System32\w32time.dll File signed by Microsoft
||||   "Wireless Zero Configuration" (WZCSVC) "Microsoft Corporation" C:\WINDOWS\System32\wzcsvc.dll File signed by Microsoft
||||   "Workstation" (lanmanworkstation) "Microsoft Corporation" C:\WINDOWS\System32\wkssvc.dll File signed by Microsoft
||||   "iPodService" (iPodService) "Apple Computer, Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
Winlogon
HKCU\Control Panel\Desktop
||||   "SCRNSAVE.EXE" "Microsoft Corporation" C:\WINDOWS\System32\logon.scr File signed by Microsoft
HKCU\Control Panel\IOProcs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
||||   "UIHost" "Microsoft Corporation" C:\WINDOWS\System32\logonui.exe File signed by Microsoft
||||   "VmApplet" "Microsoft Corporation" C:\WINDOWS\System32\sysdm.cpl File signed by Microsoft
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
||||   GPExtensions "EFS recovery" "Microsoft Corporation" C:\WINDOWS\System32\scecli.dll File signed by Microsoft
||||   GPExtensions "Internet Explorer Branding" "Microsoft Corporation" C:\WINDOWS\System32\iedkcs32.dll File signed by Microsoft
||||   GPExtensions "Microsoft Disk Quota" "Microsoft Corporation" C:\WINDOWS\System32\dskquota.dll File signed by Microsoft
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
||||   "SensLogn" "Microsoft Corporation" C:\WINDOWS\System32\WlNotify.dll File signed by Microsoft
||||   "TPSvc" "ThinPrint GmbH" C:\WINDOWS\System32\TPSvc.dll File exists
||||   "crypt32chain" "Microsoft Corporation" C:\WINDOWS\System32\crypt32.dll File signed by Microsoft
||||   "cryptnet" "Microsoft Corporation" C:\WINDOWS\System32\cryptnet.dll File signed by Microsoft
||||   "cscdll" "Microsoft Corporation" C:\WINDOWS\System32\cscdll.dll File signed by Microsoft
||||   "sclgntfy" "Microsoft Corporation" C:\WINDOWS\System32\sclgntfy.dll File signed by Microsoft
||||   "termsrv" "Microsoft Corporation" C:\WINDOWS\System32\wlnotify.dll File signed by Microsoft
||||   "wlballoon" "Microsoft Corporation" C:\WINDOWS\System32\wlnotify.dll File signed by Microsoft
HKLM\System\CurrentControlSet\Control\BootVerificationProgram
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
||||   "NTDS" "Microsoft Corporation" C:\WINDOWS\System32\winrnr.dll File signed by Microsoft
||||   "Network Location Awareness (NLA) Namespace" "Microsoft Corporation" C:\WINDOWS\System32\mswsock.dll File signed by Microsoft
||||   "Tcpip" "Microsoft Corporation" C:\WINDOWS\System32\mswsock.dll File signed by Microsoft
||||   "mdnsNSP" "Apple Computer, Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{0363346A-D22C-4472-9603-2D6FCD3E48E9}] DATAGRAM 3" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{0363346A-D22C-4472-9603-2D6FCD3E48E9}] SEQPACKET 3" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D70D70E-F0E8-40A9-A3FB-21BC0132A6EA}] DATAGRAM 1" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D70D70E-F0E8-40A9-A3FB-21BC0132A6EA}] SEQPACKET 1" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E2C5E79-EFC4-4BEF-9819-CF0F9B113F38}] DATAGRAM 0" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E2C5E79-EFC4-4BEF-9819-CF0F9B113F38}] SEQPACKET 0" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D2FB305-D71A-48B5-B40F-FCE33AFDEA94}] DATAGRAM 2" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D2FB305-D71A-48B5-B40F-FCE33AFDEA94}] SEQPACKET 2" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7B85B5C-CDEF-466A-9588-E02430F14D55}] DATAGRAM 4" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7B85B5C-CDEF-466A-9588-E02430F14D55}] SEQPACKET 4" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD Tcpip [RAW/IP]" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD Tcpip [TCP/IP]" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "MSAFD Tcpip [UDP/IP]" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "RSVP TCP Service Provider" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft
||||   "RSVP UDP Service Provider" "Microsoft Corporation" C:\WINDOWS\system32\mswsock.dll File signed by Microsoft

If you have questions or want help, you can visit http://forum.online-solutions.ru