Autoruns

File name	Status	Startup method	Description
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1F77B17B-F531-44DB-ACA4-76ABB5010A28} Delete
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} Delete
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} Delete
C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, mlcfg32.cpl Delete
C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00020d75-0000-0000-c000-000000000046} Delete
C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0006F045-0000-0000-C000-000000000046} Delete
C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC654325-1273-C2A9-2B7C-45D29BCE68FD} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {EC654325-1273-C2A9-2B7C-45D29BCE68FD} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC654325-1273-C2A9-2B7C-45D29BCE68FF} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {EC654325-1273-C2A9-2B7C-45D29BCE68FF} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamThumbnails.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} Delete
C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {EC654325-1273-C2A9-2B7C-45D29BCE68FB} Delete
C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2BB59FC0-31E8-42DA-9D3C-E9A52953853B} Delete
C:\PROGRA~1\WI4EB4~1\wmpband.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0a4286ea-e355-44fb-8086-af3df7645bd9} Delete
C:\Program Files\7-Zip\7-zip.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {23170F69-40C1-278A-1000-000100020000} Delete
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, StartCCC Delete
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5E2121EE-0300-11D4-8D3B-444553540000} Delete
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} Delete
C:\Program Files\Acronis\TrueImageHome\tishell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C539A15A-3AF9-4c92-B771-50CB78F5C751} Delete
C:\Program Files\Acronis\TrueImageHome\tishell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C539A15B-3AF9-4c92-B771-50CB78F5C751} Delete
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Adobe Version Cue CS3 Delete
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Adobe Gamma Delete
C:\Program Files\Common Files\System\wab32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {13D3C4B8-B179-4ebb-BF62-F704173E7448} Delete
C:\Program Files\ERUNT\AUTOBACK.EXE	Active	Shortcut in Startup folder	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk,
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, TSSMPM Delete
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0561EC90-CE54-4f0c-9C55-E226110A740C} Delete
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} Delete
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {327669A0-59A7-4be9-B99E-1C9F3A57611A} Delete
C:\Program Files\HashTab Shell Extension\HashTab.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8A56567E-A333-4843-B6E1-C3A262E41D8C} Delete
C:\Program Files\Java\jre6\bin\jusched.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {B5A7F190-DDA6-4420-B3BA-52453494E6CD} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {A449600E-1DC6-4232-B948-9BD794D62056} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B5A7F190-DDA6-4420-B3BA-52453494E6CD} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6C467336-8281-4E60-8204-430CED96822D} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {387E725D-DC16-4D76-B310-2C93ED4752A0} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {16F3DD56-1AF5-4347-846D-7C10C4192619} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {99FD978C-D287-4F50-827F-B2C658EDA8E7} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {920E6DB1-9907-4370-B3A0-BAFC03D81399} Delete
C:\Program Files\Microsoft Office\Office12\msohevi.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42042206-2D85-11D3-8CFF-005004838597} Delete
C:\Program Files\Microsoft Security Essentials\msseces.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, MSSE Delete
C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} Delete
C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Nero BurnRights Delete
C:\Program Files\QT Lite\QTSystem\QuickTime.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, QuickTime Delete
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} Delete
C:\Program Files\TeraCopy\TeraCopy.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} Delete
C:\Program Files\TeraCopy\TeraCopyExt.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} Delete
C:\Program Files\ThumbView_Lite 1.0\ThumbView_Lite.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3B52CC4A-19E9-43F5-A626-F89267A5E43F} Delete
C:\Program Files\Windows Live\Mail\mailcomm.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0563DB41-F538-4B37-A92D-4659049B7766} Delete
C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00F33137-EE26-412F-8D71-F84E4C2C6625} Delete
C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} Delete
C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} Delete
C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00F30F90-3E96-453B-AFCD-D71989ECC2C7} Delete
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {06A2568A-CED6-4187-BB20-400B8C02BE5A} Delete
C:\Program Files\\Windows Defender\MSASCui.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Windows Defender Delete
C:\Program Files\\Windows Defender\MpOav.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2781761E-28E0-4109-99FE-B9D127C57AFE} Delete
C:\Program Files\\Windows Media Player\wmprph.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {031EE060-67BC-460d-8847-E4A7C5E45A27} Delete
C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E598560B-28D5-46aa-A14A-8A3BEA34B576} Delete
C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} Delete
C:\Program Files\\Windows Sidebar\sbdrop.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6b9228da-9c15-419e-856c-19e768a13bdc} Delete
C:\Program Files\iTunes\iTunesMiniPlayer.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} Delete
C:\Windows\MSAgent\agentpsh.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {143A62C8-C33B-11D1-84FE-00C04FA34A14} Delete
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\2.0.50727.0, DllFullPath Delete
C:\Windows\RtHDVCpl.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, RtHDVCpl Delete
C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} Delete
C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} Delete
C:\Windows\System32\DreamScene.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {E31004D1-A431-41B8-826F-E902F9D95C81} Delete
C:\Windows\System32\NcdProp.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {BC65FB43-1958-4349-971A-210290480130} Delete
C:\Windows\System32\Speech\SpeechUX\sapi.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Speech Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7A0F6AB7-ED84-46B6-B47E-02AA159A152B} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {BC48B32F-5910-47F5-8570-5074A8A5636A} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E413D040-6788-4C22-957E-175D1C513A34} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4B534112-3AF6-4697-A77C-D62CE9B9E7CF} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {576C9E85-1300-4EF5-BF6B-D00509F4EDCD} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {289978AC-A101-4341-A817-21EBA7FD046D} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {71D99464-3B6B-475C-B241-E15883207529} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B32D3949-ED98-4DBB-B347-17A144969BBA} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2E9E59C0-B437-4981-A647-9C34B9B90891} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F04CC277-03A2-4277-96A9-77967471BDFF} Delete
C:\Windows\System32\SyncCenter.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8E25992B-373E-486E-80E5-BD23AE417E66} Delete
C:\Windows\System32\TouchX.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {91ADC906-6722-4B05-A12B-471ADDCCE132} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7b81be6a-ce2b-4676-a29e-eb907a5126c5} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {15eae92e-f17a-4431-9f28-805e482dafd4} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {d450a8a1-9568-45c7-9c0e-b4f9fb4537bd} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ceefea1b-3e29-4ef1-b34c-fec79c4f70af} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0BFCF7B7-E7B6-433a-B205-2904FCF040DD} Delete
C:\Windows\System32\appwiz.cpl	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CFCCC7A0-A282-11D1-9082-006008059382} Delete
C:\Windows\System32\cleanmgr.exe /D %c	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath,
C:\Windows\System32\comdlg32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} Delete
C:\Windows\System32\comdlg32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, OfflineFiles Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4E77131D-3629-431c-9818-C5679DC83E81} Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7EFA68C6-086B-43e1-A2D2-55A113531240} Delete
C:\Windows\System32\cscui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {10CFC467-4392-11d2-8DB4-00C04FA31A66} Delete
C:\Windows\System32\devmgr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {74246bfc-4c96-11d0-abef-0020af6b0b7a} Delete
C:\Windows\System32\gameux.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} Delete
C:\Windows\System32\gameux.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} Delete
C:\Windows\System32\icsigd.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} Delete
C:\Windows\System32\iprtrmgr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip, DLLPath Delete
C:\Windows\System32\iprtrmgr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ipv6, DLLPath Delete
C:\Windows\System32\l3codeca.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.l3acm Delete
C:\Windows\System32\mediametadatahandler.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} Delete
C:\Windows\System32\mediametadatahandler.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} Delete
C:\Windows\System32\mediametadatahandler.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {c5a40261-cd64-4ccf-84cb-c394da41d590} Delete
C:\Windows\System32\mprddm.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}, Path Delete
C:\Windows\System32\mprddm.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}, Path Delete
C:\Windows\System32\netshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7007ACC7-3202-11D1-AAD2-00805FC1270E} Delete
C:\Windows\System32\netshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {992CFFA0-F557-101A-88EC-00DD010CCC48} Delete
C:\Windows\System32\sendmail.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} Delete
C:\Windows\System32\sendmail.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f6-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3080F90D-D7AD-11D9-BD98-0000947B0257} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3080F90E-D7AD-11D9-BD98-0000947B0257} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {eb124705-128b-40d4-8dd8-d93ed12589a4} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {90f8c90b-04e0-4e92-a186-e6e9c125d664} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D20EA4E1-3957-11d2-A40B-0C5020524152} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D20EA4E1-3957-11d2-A40B-0C5020524153} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {b155bdf8-02f0-451e-9a26-ae317cfd7779} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {DFFACDC5-679F-4156-8947-C5C76BC0B67F} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ed50fc29-b964-48a9-afb3-15ebb9b97f36} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4336a54d-038b-4685-ab02-99bb52d3fb8b} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D34A6CA6-62C2-4C34-8A7C-14709C1AD938} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D555645E-D4F8-4c29-A827-D93C859C4F2A} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8E908FC9-BECC-40f6-915B-F4CA0E70D03D} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {BB06C0E4-D293-4f75-8A90-CB05B6477EEE} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ED834ED6-4B5A-4bfe-8F11-A626DCB6A921} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {17cd9488-1228-4b2f-88ce-4298e93e0966} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {96AE8D84-A250-4520-95A5-A47A7E3C548B} Delete
C:\Windows\System32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4D1209BD-36E2-4e2f-840D-6C7FB879DD9E} Delete
C:\Windows\System32\shwebsvc.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CC6EEFFB-43F6-46c5-9619-51D571967F7D} Delete
C:\Windows\System32\shwebsvc.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {add36aa8-751a-4579-a266-d66f5202ccbb} Delete
C:\Windows\System32\shwebsvc.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6b33163c-76a5-4b6c-bf21-45de9cd503a1} Delete
C:\Windows\System32\srchadmin.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Search Admin Delete
C:\Windows\System32\win32k.sys	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\wshnetbs.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NetBIOS\Parameters\Winsock, HelperDllName Delete
C:\Windows\ehome\ehTray.exe	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, ehTray.exe Delete
C:\Windows\system32\DivX.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.DIVX Delete
C:\Windows\system32\DivX.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.yv12 Delete
C:\Windows\system32\ExplorerFrame.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {11dbb47c-a525-400b-9e80-a54615a090c0} Delete
C:\Windows\system32\ExplorerFrame.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {90b9bce2-b6db-4fd3-8451-35917ea1081b} Delete
C:\Windows\system32\IcdShlex.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7CDDBD23-1B50-47b2-B28D-1B84D9A40ED1} Delete
C:\Windows\system32\NetworkExplorer.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} Delete
C:\Windows\system32\WUDFHost.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath Delete
C:\Windows\system32\ac3filter.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.ac3filter Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {8C7461EF-2B13-11d2-BE35-3078302C2030} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5E6AB780-7743-11CF-A12B-00AA004AE837} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7BA4C742-9E81-11CF-99D3-00AA004AE837} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {056440FD-8568-48e7-A632-72157243B55B} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C4EC38BD-4E9E-4b5e-935A-D1BFF237D980} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {21569614-B795-46b1-85F4-E737A8DC09AD} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {169A0691-8DF9-11d1-A1C4-00C04FD75D13} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AF4F6510-F982-11d0-8595-00AA004CD6D8} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {01E04581-4EEE-11d0-BFE9-00AA005B4383} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {a542e116-8088-4146-a352-b0d06e7f6af6} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F61FFEC1-754F-11d0-80CA-00AA005B4383} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00BB2763-6A77-11D0-A535-00C04FD7D062} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {596742A5-1393-4e13-8765-AE1DF71ACAFB} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6756A641-DE71-11d0-831B-00AA005B4383} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00BB2764-6A77-11D0-A535-00C04FD7D062} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {03C036F1-A186-11D0-824A-00AA005B4383} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00BB2765-6A77-11D0-A535-00C04FD7D062} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ECD4FC4E-521C-11D0-B792-00A0C90312E1} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ECD4FC4D-521C-11D0-B792-00A0C90312E1} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {DD313E04-FEFF-11d1-8ECD-0000F87A470C} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} Delete
C:\Windows\system32\browseui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4d5c8c2a-d075-11d0-b416-00c04fb90376} Delete
C:\Windows\system32\cabview.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} Delete
C:\Windows\system32\cmd.exe	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\Environment, ComSpec
C:\Windows\system32\comm.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, comm.drv Delete
C:\Windows\system32\cryptext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7444C717-39BF-11D1-8CD9-00C04FC29D45} Delete
C:\Windows\system32\cryptext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7444C719-39BF-11D1-8CD9-00C04FC29D45} Delete
C:\Windows\system32\deskadp.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42071712-76d4-11d1-8b24-00a0c9068ff3} Delete
C:\Windows\system32\deskmon.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42071713-76d4-11d1-8b24-00a0c9068ff3} Delete
C:\Windows\system32\deskperf.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {f92e8c40-3d33-11d2-b1aa-080036a75b03} Delete
C:\Windows\system32\dfrgui.exe	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath,
C:\Windows\system32\dfshim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} Delete
C:\Windows\system32\dfshim.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {e82a2d71-5b2f-43a0-97b8-81be15854de8} Delete
C:\Windows\system32\diskcopy.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {59099400-57FF-11CE-BD94-0020AF85B590} Delete
C:\Windows\system32\docprop.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3EA48300-8CF6-101B-84FB-666CCB9BCD32} Delete
C:\Windows\system32\dskquoui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7988B573-EC89-11cf-9C00-00AA00A14F56} Delete
C:\Windows\system32\dsquery.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8A23E65E-31C2-11d0-891C-00A024AB2DBB} Delete
C:\Windows\system32\dsquery.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} Delete
C:\Windows\system32\dsquery.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} Delete
C:\Windows\system32\dsquery.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F020E586-5264-11d1-A532-0000F8757D7E} Delete
C:\Windows\system32\dssec.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4E40F770-369C-11d0-8922-00A024AB2DBB} Delete
C:\Windows\system32\dsuiext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0D45D530-764B-11d0-A1CA-00AA00C16E65} Delete
C:\Windows\system32\dsuiext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {62AE1F9A-126A-11D0-A14B-0800361B1103} Delete
C:\Windows\system32\ff_vfw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, VIDC.FFDS Delete
C:\Windows\system32\fontext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {BD84B380-8CA2-1069-AB1D-08000948F534} Delete
C:\Windows\system32\fontext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E} Delete
C:\Windows\system32\fontext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1a184871-359e-4f67-aad9-5b9905d62232} Delete
C:\Windows\system32\fontext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8a7cae0e-5951-49cb-bf20-ab3fa1e44b01} Delete
C:\Windows\system32\iccvid.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.cvid Delete
C:\Windows\system32\ieframe.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {FBF23B40-E3F0-101B-8488-00AA003E56F8} Delete
C:\Windows\system32\imaadp32.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.imaadpcm Delete
C:\Windows\system32\iyuv_32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.iyuv Delete
C:\Windows\system32\iyuv_32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.i420 Delete
C:\Windows\system32\keyboard.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, keyboard.drv Delete
C:\Windows\system32\logon.scr	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\Desktop, scrnsave.exe Delete
C:\Windows\system32\logon.scr	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\Desktop, scrnsave.exe Delete
C:\Windows\system32\logon.scr	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\Desktop, scrnsave.exe Delete
C:\Windows\system32\logon.scr	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\Desktop, scrnsave.exe Delete
C:\Windows\system32\midimap.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midimapper Delete
C:\Windows\system32\mmsystem.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, drivers Delete
C:\Windows\system32\mouse.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, mouse.drv Delete
C:\Windows\system32\msacm32.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wavemapper Delete
C:\Windows\system32\msadp32.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.msadpcm Delete
C:\Windows\system32\msg711.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.msg711 Delete
C:\Windows\system32\msgsm32.acm	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.msgsm610 Delete
C:\Windows\system32\msieftp.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {63da6ec0-2e98-11cf-8d82-444553540000} Delete
C:\Windows\system32\mspaint.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {d3e34b21-9d75-101a-8c3d-00aa001a1652} Delete
C:\Windows\system32\msrle32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mrle Delete
C:\Windows\system32\msvidc32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.msvc Delete
C:\Windows\system32\msyuv.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.uyvy Delete
C:\Windows\system32\msyuv.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.yuy2 Delete
C:\Windows\system32\msyuv.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.yvyu Delete
C:\Windows\system32\mydocs.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ECF03A32-103D-11d2-854D-006008059367} Delete
C:\Windows\system32\mydocs.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4a7ded0a-ad25-11d0-98a8-0800361b1103} Delete
C:\Windows\system32\mydocs.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {44f3dab6-4392-4186-bb7b-6282ccb7a9f6} Delete
C:\Windows\system32\ntlanui2.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {59be4990-f85c-11ce-aff7-00aa003ca9f6} Delete
C:\Windows\system32\ntmarta.dll	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider, ProviderPath
C:\Windows\system32\ntshrui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {40dd6e20-7c17-11ce-a804-00aa003ca9f6} Delete
C:\Windows\system32\ntshrui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Delete
C:\Windows\system32\oobefldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} Delete
C:\Windows\system32\propsys.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {97e467b4-98c6-4f19-9588-161b7773d6f6} Delete
C:\Windows\system32\psxss.exe	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\rshx32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} Delete
C:\Windows\system32\rshx32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1F2E5C40-9550-11CE-99D2-00AA006E086C} Delete
C:\Windows\system32\sdclt.exe	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath,
C:\Windows\system32\shdocvw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E7DE9B1A-7533-4556-9484-B26FB486475E} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3c2654c6-7372-4f6b-b310-55d6128f49d2} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9DBD2C50-62AD-11d0-B806-00C04FD706EC} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {708e1662-b832-42a8-bbe1-0a77121e3908} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {71f96385-ddd6-48d3-a0c1-ae06e8b055fb} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {b2952b16-0e07-4e5a-b993-58c52cb94cae} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {437ff9c0-a07f-4fa0-af80-84b6c6440a16} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {328B0346-7EAF-4BBE-A479-7CB88A095F5B} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {00021401-0000-0000-C000-000000000046} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0AFCCBA6-BF90-4A4E-8482-0AC960981F5B} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {66742402-F9B9-11D1-A202-0000F81FEDEE} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {865e5e76-ad83-4dca-a109-50dc2113ce9a} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {21ec2020-3aea-1069-a2dd-08002b30309d} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {25585dc7-4da0-438d-ad04-e42c8d2d64b9} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3} Delete
C:\Windows\system32\shell32.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1531d583-8375-4d3f-b5fb-d23bbd169f22} Delete
C:\Windows\system32\sirenacm.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.siren Delete
C:\Windows\system32\sound.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, sound.drv Delete
C:\Windows\system32\syncui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {85BBD920-42A0-1069-A2E4-08002B30309D} Delete
C:\Windows\system32\system.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, system.drv Delete
C:\Windows\system32\themeui.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {41E300E0-78B6-11ce-849B-444553540000} Delete
C:\Windows\system32\timer.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers, timer Delete
C:\Windows\system32\tsbyuv.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.yvu9 Delete
C:\Windows\system32\twext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {9DB7A13C-F208-4981-8353-73CC61AE2783} Delete
C:\Windows\system32\twext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {596AB062-B4D2-4215-9F74-E9109B0A8153} Delete
C:\Windows\system32\userinit.exe	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit
C:\Windows\system32\vga.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, display.drv Delete
C:\Windows\system32\w32time.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave1 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi1 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer1 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux1 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave2 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi2 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer2 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux2 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave3 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi3 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer3 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux3 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave4 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer4 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave5 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi4 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer5 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux4 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave6 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer6 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, wave7 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, midi5 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, mixer7 Delete
C:\Windows\system32\wdmaud.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, aux5 Delete
C:\Windows\system32\wfwnet.drv	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, network.drv Delete
C:\Windows\system32\wlanpref.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1FA9085F-25A2-489B-85D4-86326EEDCD87} Delete
C:\Windows\system32\wmpshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} Delete
C:\Windows\system32\wmpshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {7D4734E6-047E-41e2-AEAA-E763B4739DC4} Delete
C:\Windows\system32\wmpshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} Delete
C:\Windows\system32\wmpshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8DD448E6-C188-4aed-AF92-44956194EB1F} Delete
C:\Windows\system32\wmpshell.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8A734961-C4AA-4741-AC1E-791ACEBF5B39} Delete
C:\Windows\system32\wshext.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {60254CA5-953B-11CF-8C96-00AA00B8708C} Delete
C:\Windows\system32\xvidvfw.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.XVID Delete
C:\Windows\system32\zipfldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} Delete
C:\Windows\system32\zipfldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {BD472F60-27FA-11cf-B8B4-444553540000} Delete
C:\Windows\system32\zipfldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} Delete
C:\Windows\system32\zipfldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} Delete
C:\Windows\system32\zipfldr.dll	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {ed9d80b9-d157-457b-9192-0e7280313bf0} Delete
Explorer.exe	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
Explorer.exe	--	File system.ini	C:\Windows\system.ini, boot, shell
cmd.exe	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\SafeBoot, AlternateShell
progman.exe	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell Delete
rdpclip	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
rundll32 shell32,Control_RunDLL "sysdm.cpl"	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, VmApplet
vgafix.fon	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
wininet.dll	Active	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy Delete
wininet.dll	Active	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy Delete
wininet.dll	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy Delete
Autoruns items found - 332, recognized as trusted - 292