%user_profile%\appdata\local\microsoft\internet explorer\extensions\apihelper.dll
%win_dir%\system32\lpclient.exe
%user_profile%\appdata\roaming\newsi_2\s_inst.exe