Disappearing HOSTS File in XP Pro SP2

Mercury351

Hello,
I recently started using XP Pro SP2, installing it not long ago. The
system hasn't had any time to be infected by any malware. Aside from
FireFox 3.5.1, WordPerfect Suite 12, WinAmp 5, and my drivers, I
haven't installed much in it. I have a program called Adfree 3.2. It
is an ad blocker which relies on the system HOSTS text file to block
ads, substituting any small GIF image of your choice in its place. I
correctly reconfigured it to place its HOSTS file in the
C:\WINDOWS\system32\drivers\etc
folder. This is the beginning of the Adfree 3.2 HOSTS file which I
have updated with newer advertisement server locations. I estimate
there are about 1,890 server locations. The HOSTS file is 56K bytes:
===================
#
# Hosts file created by AdFree
#

# localhost: Needs to stay like this to work
127.0.0.1 localhost

# Other servers: These servers are directed towards
# AdFree to be filtered. You must alter these from
# within the AdFree program.

127.0.0.1 123banners.com
127.0.0.1 247media.com
127.0.0.1 24pm-affiliation.com
127.0.0.1 7adpower.com
127.0.0.1 911promotion.com
127.0.0.1 a.as-us.falkag.net
127.0.0.1 a.consumer.net
127.0.0.1 a.r.tv.com
....
===================

However, I am having a problem with XP Pro SP2. Every time I start
any operation, no matter what it is, XP automatically deletes the
HOSTS file. No matter if I start any browser, IE or FireFox, Windows
Explorer, Notepad, even if I open any applet in "Control Panel" >
"Administrative Tools", XP will delete the HOSTS file. The system and
Adfree need the HOSTS file to properly block ads. I have spent over
18 hours trying to find the solution online, but with no success. I shut
off the "DNS Client" service, I even tried shutting off the XP
firewall, but nothing has worked.

I can get Adfree to work correctly, substituting a GIF of my choice in
place of ads. I must set the HOSTS file to "read only." However,
Adfree isn't really meant to function that way and I will run into
problems if I try to "pause" it. Plus, every time I start or exit
Adfree, or shut off the system, I must change the "read only"
setting. Reading posts on the 'Net, I know others have had this
problem, but they never posted their solution. I know there is
either a service applet I can disable or Registry setting I can use to
stop XP from deleting the HOSTS file. Does anyone know what it is?


ADDENDUM:
I ran Process Monitor v2.5 and added the HOSTS filter as suggested. I
also opened Windows Explorer at folder C:\WINDOWS\system32\drivers\etc.
I then ran Adfree 3.2 and it correctly placed the HOSTS file
into the etc folder. The HOSTS file was sitting there as it's
supposed to be. Then I ran NOTEPAD and the HOSTS file was deleted as
usual.

I really wish I knew what is going on. I'm getting tired of dealing
with this. If necessary, I will call Microsoft Support and perhaps
someone there can help me if no one here can. That is, if they still
provide free support for XP Pro SP2.

Here are the results from Process Monitor AFTER RUNNING NOTEPAD.EXE.
There are 5 lines ONLY AND NO MORE: 4 from "Explorer.EXE" and 1 from
"notepad.exe." The Event and Process information from the first
Explorer.EXE line are below. Does ANYONE know the solution to this
problem? I know it's some kind of service or Registry setting.

===================================================
EVENT
Date & Time: 8/6/2009 8:43:50 PM
Event Class: File System
Operation: CreateFile
Result: SUCCESS
Path: C:\WINDOWS\system32\drivers\etc\hosts
TID: 1312
Duration: 0.0000274
Desired Access: Read Attributes, Delete
Disposition: Open
Options: Non-Directory File, Open Reparse Point
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
OpenResult: Opened
===================================================
PROCESS
Description: Windows Explorer
Company: Microsoft Corporation
Name: Explorer.EXE
Version: 6.0.2900.2180
Path: C:\WINDOWS\Explorer.EXE
Command Line: C:\WINDOWS\Explorer.EXE
PID: 1200
Parent PID: 1184
Session ID: 0
User: DANIEL\danielm
Auth ID: 00000000:0000ddef
Architecture: 32-bit
Virtualized: n/a
Integrity: n/a
Started: 8/6/2009 8:31:46 PM
Ended: (Running)
 
PA Bear [MS MVP]

Why isn't SP3 installed yet?

One or more options/settings in an ever-growing number of third-party
applications may be disallowing the changes from "sticking." These include
anti-spyware applications (e.g., Ad-aware's Ad-Watch, Spybot Tea Timer,
SpywareBlaster, SpySweeper, Spyware Doctor, CounterSpy, WinPatrol, etc.),
anti-virus applications & security suites (Norton, McAfee, ESET/NOD32,
Kaspersky, Trend Micro, etc.), and third-party firewalls (e.g., Zone Alarm,
etc.).

Note that temporarily disabling the application(s) or rebooting into Safe
Mode may not disable the application's system protections.
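
As an added example (not part of the thread or any poster's code): one way to triage a Process Monitor capture like the one in the first post is to export it as CSV and list which processes opened the HOSTS file with delete access or marked it for deletion. The column names assume Process Monitor's default CSV export, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

HOSTS = r"c:\windows\system32\drivers\etc\hosts"
ACCESS_RE = re.compile(r"Desired Access: (.*?), Disposition:")

# Constructed sample, assuming Process Monitor's default CSV export columns.
# Row 1 is modelled on the CreateFile event in the post; the rest are invented.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:43:50 PM","Explorer.EXE","1200","CreateFile","C:\WINDOWS\system32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"8:43:50 PM","Explorer.EXE","1200","SetDispositionInformationFile","C:\WINDOWS\system32\drivers\etc\hosts","SUCCESS","Delete: True"
"8:43:51 PM","svchost.exe","1044","CreateFile","C:\WINDOWS\system32\drivers\etc\hosts","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"8:43:52 PM","notepad.exe","2040","SetDispositionInformationFile","C:\Temp\hosts","SUCCESS","Delete: True"
'''


def delete_activity(csv_text, target=HOSTS):
    """Map (process, pid) -> list of event kinds that can remove `target`."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Path"].lower() != target:  # exact path, case-insensitive
            continue
        key = (row["Process Name"], row["PID"])
        if row["Operation"] == "CreateFile":
            m = ACCESS_RE.search(row["Detail"])
            # Only the Desired Access list counts; "Delete" under ShareMode
            # merely lets other handles delete and is not a request to do so.
            rights = {r.strip() for r in m.group(1).split(",")} if m else set()
            if "Delete" in rights:
                hits[key].append("open-with-delete-access")
        elif (row["Operation"] == "SetDispositionInformationFile"
              and "Delete: True" in row["Detail"]):
            hits[key].append("delete")
    return dict(hits)


if __name__ == "__main__":
    for (name, pid), kinds in delete_activity(SAMPLE_CSV).items():
        print(f"{name} (PID {pid}): {', '.join(kinds)}")
```

Process Monitor attributes each operation to the host process, so a hit on Explorer.EXE can come from any module loaded into it; the Stack tab of the event's properties shows which module made the call.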
 
Jose

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com

PA Bear, are you:

One Highly Annoyed User Who Refuses To Take It Anymow?
 
Bennett Marco

[300+ lines snipped]
PA Bear, are you:

One Highly Annoyed User Who Refuses To Take It Anymow?

You quoted over 300 freaking lines to add that moronic one line?
 
Mercury351

Robear Dyer (PA Bear),
Yes, that's what I'm figuring. I think it's some kind of security
feature of XP Pro SP2 because Adfree 3.2 was supposed to work fine in
SP1. I'm not really all that concerned about security because I have
been using Adfree for YEARS in Win98SE with NO PROBLEMS, successfully
stopping ads from appearing and replacing them with a small GIF which
says "Adfree." I like Adfree because I'm familiar with it. It also
acts as a sort of primitive firewall because it blocks incoming
traffic from ANY server I designate systemwide with ANY application,
not just IE6 or FF3.5.2. I've been adding server locations for years.

I'm looking for someone who has been using XP Pro for years and
knows it inside out, someone who can help me find the problem. If you
find the solution, I'd really appreciate it. I'll also post your
solution in all the other forums I've been asking.

Thanks in Advance.

 
PA Bear [MS MVP]

No, WinXP is *not* causing this behavior. Either one of your security
applications is responsible or you've got a hijackware infection on your
hands.
 
DL

And this 'idiot' is still trying to work out how I should configure FF in
order that I have the privilege of seeing these banner ads / pop ups /
and other advertising.
Kindly point me to a site that features all these so I can do some tweaking.

I feel I'm missing out :(

 
Jose

I tracked down the AdFree author seeking guidance and ideas.

I described your issue and condition as best I understood it and my
valiant but failed attempts at reproducing it (however, I am on
SP3).

Here is part of a recent email message from him regarding AdFree:

Sure, you can show him my email. He should appreciate simple
solutions, and the simplest solution is to just use Firefox with
Adblock Plus. After 10 minutes of installation, he won't have to worry
or think about anything ad-related again. I use it myself, and it
works perfectly. AdFree was the best at the time, but now is the era
of Adblock Plus - the fact that I'm not using my own program should
tell him something :)

I think this was recommended some time ago and is not the solution you
seek.

Are you still behind in SPs? Have you selected a malicious software
suite for your system?
 
