Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cid Pop-ups


  • Please log in to reply
35 replies to this topic

#1 pioneer_1973

pioneer_1973

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 11 February 2008 - 02:44 AM

Hi, this is my first post to this site. I made sure I read and followed all the pre-posting instuctions you put up so as not to waste your or my time. Anyway, I started getting these pop-ups awhile back, I ran a bunch of spyware/adware removal downloads and eventually they stopped. Then one day last week I went to download something from LimeWire and stopped the download from accessing the internet using my McAfee Security, but I guess it was too late. Anyway here I am posting my HackThis log for someone to help me out. What the heck is CiD? It's a tough little program to get rid of! Help me squash this bug!
Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:45 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007

\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common

files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile

Device

Support\bin\AppleMobileDeviceService.exe
C:\Program

Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program

Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program

Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Lexmark 1200

Series\lxczbmgr.exe
C:\Program Files\Toshiba\Toshiba

Applet\thotkey.exe
C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
C:\Program Files\TOSHIBA\TOSHIBA

Controls\TFncKy.exe
C:\Program Files\Lexmark 1200

Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming

Utility\SmoothView.exe
C:\PROGRA~1\Dantz\RETROS~1

\RetroExpress.exe
C:\Program Files\TOSHIBA\Touch and

Launch\PadExe.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program

Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop

Messenger\8876480

\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbar

Notifier.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA

Applet\TAPPSRV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\COMMON~1

\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1

\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common

Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1

\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1

\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3

\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ycom

p/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/defaults/su/

ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/

ymj/*http://www.yahoo.com/ext/search/search.h

tml
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/

ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ycom

p/defaults/su/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38

-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-

469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1

\COMCAS~1\COMCAS~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-

B68D-6309F01C5231} - c:\PROGRA~1

\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-

478a-8536-526CF371D2E2} -

C:\WINDOWS\system32\nsqC93.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program

Files\Google\GoogleToolbarNotifier\2.1.615.5858

\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB

-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-

2B8D-469E-93BE-BE2DF4D9AE29} -

C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-

9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MaxtorOneTouch]

C:\Program

Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant]

C:\Program

Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series]

"C:\Program Files\Lexmark 1200

Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program

Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program

Files\Support.com\bin\tgcmd.exe /server

/startmonitor /deaf
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program

Files\TOSHIBA\TOSHIBA Zooming

Utility\SmoothView.exe
O4 - HKLM\..\Run: [RetroExpress]

C:\PROGRA~1\Dantz\RETROS~1

\RetroExpress.exe /h
O4 - HKLM\..\Run: [PINGER]

c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program

Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer]

C:\Program Files\Notebook

Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and

Settings\Willie P\Local Settings\Temp\{231F68F4

-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX]

C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe

/inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Hardware

Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %

systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32

\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed

Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck]

C:\WINDOWS\System32\Rundll32.exe

"C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3

\hpztsb09.exe
O4 - HKCU\..\Run: [LDM] C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbar

Notifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -

quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program

Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]

C:\WINDOWS\system32

\Macromed\Flash\FlashUtil9b.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater]

C:\WINDOWS\system32\Macromed\SHOCKW~1

\SWHELP~1.EXE -Update -1020023 -

iexplore.exe7.0
O4 - Global Startup: Logitech Desktop

Messenger.lnk = C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk =

C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk =

C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search -

file:///C:\Program Files\Yahoo!

\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo!

&Dictionary - file:///C:\Program Files\Yahoo!

\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -

file:///C:\Program Files\Yahoo!

\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -

file:///C:\Program Files\Yahoo!

\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB

-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file

missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B

-68BC-4B02-94D6-2FC0DE4A7897} -

C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9

-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110

-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger

- {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://browser.skillport.com
O16 - DPF: {17492023-C23A-453E-A040-

C7C580BBF700} (Windows Genuine Advantage

Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-

fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!

\Common\Yinsthelper20073151.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-

5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free

/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-

C18E1ADA4389} -

http://download.mcafee.com/molbin/shared/mcg

dmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: bw+0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-

7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CD3FEC9A-155F-4AB6-

8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CD3FEC9A-

155F-4AB6-8BAC-E27E26681440} - C:\Program

Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O23 - Service: McAfee Application Installer

Cleanup (0173211202242123)

(0173211202242123mcinstcleanup) - McAfee,

Inc. - C:\DOCUME~1\WILLIE~1\LOCALS~1

\Temp\017321~1.EXE
O23 - Service: Ad-Aware 2007 Service

(aawservice) - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -

C:\Program Files\Common Files\Apple\Mobile

Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI

Technologies Inc. - C:\WINDOWS\system32

\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd -

C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) -

TOSHIBA CORPORATION - C:\Program

Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa

Electric Industrial Co., Ltd. -

C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) -

McAfee, Inc. - C:\PROGRA~1\COMMON~1

\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) -

Google - C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. -

C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) -

Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor

(LVPrcSrv) - Logitech Inc. - c:\program

files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) -

Unknown owner - C:\WINDOWS\SYSTEM32

\LxrSII1s.exe
O23 - Service: McAfee HackerWatch Service -

McAfee, Inc. - C:\Program Files\Common

Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager

(mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1

\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) -

McAfee, Inc. - C:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc)

- McAfee, Inc. - c:\PROGRA~1\COMMON~1

\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) -

McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1

\mcods.exe
O23 - Service: McAfee Protection Manager

(mcpromgr) - McAfee, Inc. - C:\PROGRA~1

\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) -

McAfee, Inc. - c:\PROGRA~1\COMMON~1

\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service

(McRedirector) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner

(McShield) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards

(McSysmon) - McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service

(MpfService) - McAfee, Inc. - C:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) -

McAfee, Inc. - C:\PROGRA~1

\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation -

C:\Program Files\Common Files\Sony

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation -

C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore

Helper (RetroExp Helper) - Dantz Development

Corporation - C:\PROGRA~1\Dantz\RETROS~1

\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher

(RetroExpLauncher) - Dantz Development

Corporation - C:\PROGRA~1\Dantz\RETROS~1

\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) -

Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service

(SSScsiSV) - Sony Corporation - C:\Program

Files\Common Files\Sony

Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner -

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service

(TAPPSRV) - TOSHIBA Corp. - C:\Program

Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 26496 bytes

BC AdBot (Login to Remove)

 


m

#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 12 February 2008 - 04:35 AM

Hi and welcome,

What the heck is CiD?


It's adware/hijacker. Also known as C2.LOP.
This describes it well:
http://research.sunbelt-software.com/threa...p;threatid=8144

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Uninstall List
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#3 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 15 February 2008 - 12:18 PM

Sorry it took so long to reply, can only really deal with the computer on my days off (the wife throws a fit). Anyway, here's the results of the scan. What's your diagnosis?

WinPFind35 logfile created on: 2/15/2008 9:22:15 AM
WinPFind35U Version Beta51	 Folder = C:\Documents and Settings\Willie P\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.23 Mb Total Physical Memory | 247.46 Mb Available Physical Memory | 25.82% Memory free
1.51 Gb Paging File | 0.92 Gb Available in Paging File | 61.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.33 Gb Total Space | 38.07 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.47 Gb Total Space | 54.07 Gb Free Space | 19.35% Space Free | Partition Type: NTFS
Drive F: | 583.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Willie P
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 12:31:26 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 12:31:26 PM | Attr =	]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 9:42:14 AM | Attr =	]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 9:41:24 AM | Attr =	]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 81920 bytes | Modified Date = 7/28/2005 11:37:24 AM | Attr =	]
onetouch.exe -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 2 | Size = 823296 bytes | Modified Date = 12/22/2004 6:21:48 AM | Attr =	]
cameraassistant.exe -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 389120 bytes | Modified Date = 7/28/2005 11:02:32 AM | Attr =	]
lxczbmgr.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 9:22:50 PM | Attr =	]
thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0003 | Size = 339968 bytes | Modified Date = 4/25/2005 8:15:18 AM | Attr =	]
lxczbmon.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 7/12/2006 9:33:14 PM | Attr =	]
tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 10/25/2004 2:23:10 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr =	]
smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 22 | Size = 122880 bytes | Modified Date = 4/15/2005 3:51:48 PM | Attr =	]
padexe.exe -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077301 bytes | Modified Date = 9/7/2004 1:03:20 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 403 | Size = 962560 bytes | Modified Date = 2/8/2005 9:04:24 AM | Attr =	]
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 221184 bytes | Modified Date = 7/28/2005 11:30:36 AM | Attr =	]
cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 2/10/2008 11:32:22 PM | Attr =	]
cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 3:38:38 PM | Attr =	]
elkctrl.exe -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 4:22:22 PM | Attr =	]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 11:33:00 PM | Attr =	]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 5/12/2007 8:32:59 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 9:00:00 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
lxrsii1s.exe -> %SystemRoot%\system32\LxrSII1s.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/19/2005 11:48:34 AM | Attr =	]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr =	]
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.239.0.0 | Size = 188416 bytes | Modified Date = 7/25/2003 6:14:02 AM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/4/2007 5:02:25 AM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/27/2004 11:37:00 PM | Attr =	]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr =	]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr =	]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 10:56:42 AM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr =	]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr =	]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 4/18/2007 2:08:10 PM | Attr =	]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 7/12/2005 4:14:42 PM | Attr =	]
tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 3KA | Size = 34816 bytes | Modified Date = 4/25/2005 8:15:26 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
retrorun.exe -> %ProgramFiles%\Dantz\Retrospect Express HD\retrorun.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Modified Date = 7/30/2004 1:47:36 PM | Attr =	]
acrord32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 5/11/2007 2:06:38 AM | Attr =	]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 370256 bytes | Modified Date = 1/16/2007 6:03:34 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 12:31:26 PM | Attr =	]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 2/10/2008 11:32:22 PM | Attr =	]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 3:38:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 11:33:00 PM | Attr =	]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 5:33:26 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 5/12/2007 8:32:59 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 9:42:14 AM | Attr =	]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 81920 bytes | Modified Date = 7/28/2005 11:37:24 AM | Attr =	]
(LxrSII1s) Lexar Secure II [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LxrSII1s.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/19/2005 11:48:34 AM | Attr =	]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr =	]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr =	]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr =	]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr =	]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr =	]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 4:00:50 AM | Attr =	]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 3:55:18 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 4:45:04 AM | Attr = R  ]
(RetroExp Helper) Retrospect Express HD Restore Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect Express HD\rthlpsvc.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 110592 bytes | Modified Date = 7/30/2004 1:47:36 PM | Attr =	]
(RetroExpLauncher) Retrospect Express HD Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect Express HD\retrorun.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Modified Date = 7/30/2004 1:47:36 PM | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 69718 bytes | Modified Date = 8/30/2005 3:49:34 AM | Attr =	]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.3.00.09270 | Size = 69632 bytes | Modified Date = 9/26/2005 6:19:26 PM | Attr =	]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 7/12/2005 4:14:42 PM | Attr =	]
(TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 3KA | Size = 34816 bytes | Modified Date = 4/25/2005 8:15:26 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(a347bus) a347bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\a347bus.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 158720 bytes | Modified Date = 8/23/2004 2:20:06 AM | Attr =	]
(a347scsi) a347scsi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\a347scsi.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/29/2004 10:33:00 PM | Attr =	]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:02:18 | Size = 1066278 bytes | Modified Date = 4/12/2005 3:19:42 PM | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5820 built by: WinDDK | Size = 2314560 bytes | Modified Date = 3/25/2005 2:04:40 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 3.1.2.45 | Size = 393600 bytes | Modified Date = 12/22/2004 4:45:36 PM | Attr =	]
(AR5513) %ATHER.Service.DispName% [Kernel | On_Demand | Stopped] -> system32\DRIVERS\ar5513.sys -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6539 | Size = 1035264 bytes | Modified Date = 4/11/2005 12:33:52 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC15BA.SYS ->  [Ver =  | Size = 8864 bytes | Modified Date = 2/10/2008 11:32:18 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.13a | Size = 88352 bytes | Modified Date = 4/22/2005 2:22:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.53a | Size = 40544 bytes | Modified Date = 4/21/2005 1:56:00 AM | Attr =	]
(FilterService) UVC Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvuvcflt.sys -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 14080 bytes | Modified Date = 7/28/2005 11:52:04 AM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 7, 0, 0, 0 | Size = 51056 bytes | Modified Date = 5/14/2003 4:19:52 AM | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 16496 bytes | Modified Date = 5/14/2003 4:19:54 AM | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 21488 bytes | Modified Date = 5/14/2003 4:17:54 AM | Attr = R  ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDFs) InCD File System [File_System | Disabled | Stopped] -> system32\drivers\InCDFs.sys -> File not found
(InCDPass) InCDPass [Kernel | System | Stopped] -> system32\drivers\InCDPass.sys -> File not found
(InCDRm) InCD Reader [Kernel | System | Stopped] -> system32\drivers\InCDRm.sys -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 9/10/2003 10:36:54 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> Logitech, Inc. [Ver = 2.31.522.00 | Size = 24704 bytes | Modified Date = 3/10/2005 11:09:02 AM | Attr =	]
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsbK.sys -> Logitech, Inc. [Ver = 2.31.522.00 | Size = 36480 bytes | Modified Date = 3/10/2005 11:08:34 AM | Attr =	]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.31.522.00 | Size = 69504 bytes | Modified Date = 3/10/2005 11:08:56 AM | Attr =	]
(Lvckap) Logitech Kernel Audio Processing Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Lvckap.sys ->  [Ver =  | Size = 2169984 bytes | Modified Date = 7/28/2005 11:35:04 AM | Attr =	]
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVMVdrv.sys ->  [Ver =  | Size = 1912064 bytes | Modified Date = 7/28/2005 11:37:22 AM | Attr =	]
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVPrcMon.sys ->  [Ver =  | Size = 16768 bytes | Modified Date = 7/28/2005 11:37:24 AM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 22528 bytes | Modified Date = 7/28/2005 11:44:28 AM | Attr =	]
(LVUVC) Logitech QuickCam for Notebooks Pro(UVC) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvuvc.sys -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 1054848 bytes | Modified Date = 7/28/2005 11:48:44 AM | Attr =	]
(LxrSII1d) Secure II Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\LxrSII1d.sys ->  [Ver =  | Size = 70016 bytes | Modified Date = 5/19/2005 11:48:24 AM | Attr =	]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.10 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.10 | Size = 15890 bytes | Modified Date = 11/4/2005 6:41:48 AM | Attr =	]
(Mdclocm96) Mdclocm96 [File_System | Disabled | Stopped] ->  -> File not found
(meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> Matsubleepa Electric Industrial Co.,Ltd. [Ver = 4.0.7.0 | Size = 102384 bytes | Modified Date = 6/2/2005 2:33:00 AM | Attr =	]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Modified Date = 6/25/2007 2:54:44 PM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Modified Date = 6/25/2007 10:57:10 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 171240 bytes | Modified Date = 6/25/2007 10:57:20 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Modified Date = 6/25/2007 10:57:24 AM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Modified Date = 6/25/2007 10:57:28 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Modified Date = 3/2/2007 2:16:52 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MXOFX.SYS -> Cypress Semiconductor [Ver = 6.01.1000.0  | Size = 32640 bytes | Modified Date = 10/10/2003 2:23:48 AM | Attr =	]
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,6,0 | Size = 15360 bytes | Modified Date = 10/7/2004 8:21:22 AM | Attr =	]
(Navcar) Navman In-car Navigator USB Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Navcar.sys -> NAVMAN [Ver = 2.3.14 | Size = 30329 bytes | Modified Date = 10/29/2003 7:13:22 AM | Attr =	]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 1/29/2003 1:35:00 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 2:45:48 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 10/18/2006 2:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.620.1202.2004 built by: WinDDK | Size = 70912 bytes | Modified Date = 12/2/2004 3:36:08 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 2:31:34 PM | Attr =	]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 5627 bytes | Modified Date = 5/13/2005 9:37:28 AM | Attr =	]
(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdbus.sys -> MCCI Corporation [Ver = V4.40 | Size = 80552 bytes | Modified Date = 7/3/2007 3:54:24 PM | Attr =	]
(sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 11944 bytes | Modified Date = 7/3/2007 3:57:24 PM | Attr =	]
(sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 106792 bytes | Modified Date = 7/3/2007 3:58:20 PM | Attr =	]
(sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdserd.sys -> MCCI Corporation [Ver = V4.40 | Size = 86824 bytes | Modified Date = 7/3/2007 3:59:10 PM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 23545 bytes | Modified Date = 5/13/2005 9:37:20 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 185728 bytes | Modified Date = 10/14/2004 2:14:04 PM | Attr =	]
(TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tbiosdrv.sys ->  [Ver =  | Size = 6867 bytes | Modified Date = 6/11/2003 7:53:22 AM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25725 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34845 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4125 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2241 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86876 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15069 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6365 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98716 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100605 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(TVALD) Toshiba Mobile PC Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NBSMI.sys -> Toshiba Corporation [Ver = 1.0.0.7M built by: WinDDK | Size = 4992 bytes | Modified Date = 3/15/2005 7:33:30 AM | Attr =	]
(Tvs) Toshiba Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tvs.sys -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 29056 bytes | Modified Date = 4/15/2005 12:46:04 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr =	]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(XPAD910) XPADFilter Service 910 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\xpad910.sys -> Compuware Corporation [Ver = 2.00 | Size = 29405 bytes | Modified Date = 2/7/2006 9:22:34 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 6:51:55 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 9:00:00 AM | Attr =	]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr =	]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.239.0.0 | Size = 188416 bytes | Modified Date = 7/25/2003 6:14:02 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =	]
KernelFaultCheck ->  -> File not found
Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 9:22:50 PM | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.31.522 | Size = 28160 bytes | Modified Date = 3/10/2005 11:01:10 AM | Attr =	]
LogitechCameraAssistant -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 389120 bytes | Modified Date = 7/28/2005 11:02:32 AM | Attr =	]
LogitechCameraService(E) -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 4:22:22 PM | Attr =	]
LogitechVideo[inspector] -> %ProgramFiles%\Logitech\Video\InstallHelper.exe -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 73728 bytes | Modified Date = 7/28/2005 11:09:50 AM | Attr =	]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 9.0.1.1070 | Size = 221184 bytes | Modified Date = 7/28/2005 11:30:36 AM | Attr =	]
MaxtorOneTouch -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 2 | Size = 823296 bytes | Modified Date = 12/22/2004 6:21:48 AM | Attr =	]
MXOBG -> %UserProfile%\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE -> File not found
NDSTray.exe -> NDSTray.exe -> File not found
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 6:50:42 AM | Attr =	]
Notebook Maximizer -> %ProgramFiles%\Notebook Maximizer\maximizer_startup.exe -> Ingenuiti [Ver = 1.00 | Size = 40960 bytes | Modified Date = 5/4/2006 4:59:07 PM | Attr =	]
PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077301 bytes | Modified Date = 9/7/2004 1:03:20 PM | Attr =	]
PINGER -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 4:37:26 PM | Attr =	]
postSetupCheck -> %SystemRoot%\system32\gzmrt.dll ->  [Ver = 1, 1, 0, 0 | Size = 72192 bytes | Modified Date = 1/25/2008 6:23:24 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr =	]
RetroExpress -> %ProgramFiles%\Dantz\Retrospect Express HD\RetroExpress.exe -> Dantz Development Corporation [Ver = 1.0.196.0 | Size = 6946816 bytes | Modified Date = 7/30/2004 1:47:36 PM | Attr =	]
SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 22 | Size = 122880 bytes | Modified Date = 4/15/2005 3:51:48 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr =	]
TFncKy -> TFncKy.exe -> File not found
tgcmd -> %ProgramFiles%\support.com\bin\tgcmd.exe -> SupportSoft, Inc. [Ver = 5,6,1125,0 | Size = 1773568 bytes | Modified Date = 3/7/2007 9:58:20 AM | Attr =	]
THotkey -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0003 | Size = 339968 bytes | Modified Date = 4/25/2005 8:15:18 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 43 | Size = 1937408 bytes | Modified Date = 2/10/2005 1:00:54 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/4/2007 5:02:25 AM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 2.30.04 | Size = 196608 bytes | Modified Date = 1/22/2006 8:01:20 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.31.546 | Size = 438272 bytes | Modified Date = 3/31/2005 3:11:38 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/27/2004 11:37:00 PM | Attr =	]
< Willie P Startup Folder > -> C:\Documents and Settings\Willie P\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 4/11/2005 12:31:30 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (218806 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/?.home=ytie -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/?.home=ytie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.comcast.net/toolbar2.0/search/ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.comcast.net/toolbar2.0/search/ -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/?.home=ytie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4098 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. -> 
browser_skillport.com [http] -> Trusted sites -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 11:51:20 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 11:21:58 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.126.x86 | Size = 58688 bytes | Modified Date = 1/9/2008 9:09:38 AM | Attr =	]
{9C8A568E-4201-478a-8536-526CF371D2E2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nsqC93.dll [ads_optimizer] ->  [Ver = 4, 5, 1, 0 | Size = 80896 bytes | Modified Date = 2/7/2008 8:49:54 AM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/8/2007 3:05:35 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 5/31/2007 3:09:45 AM | Attr = R  ]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 11:21:58 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 11:51:20 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 5/31/2007 3:09:45 AM | Attr = R  ]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 11:21:58 AM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 11:51:20 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Services] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search ->  -> File not found
Yahoo! &Dictionary ->  -> File not found
Yahoo! &Maps ->  -> File not found
Yahoo! &SMS ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
Comcast Install 1.0 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{62056CF6-A8D8-4327-822D-9BF520D67FAF} ->	(1394 Net Adapter) -> 
{8080E8E0-6F8A-4B98-8C4C-16C388A3422C} ->	(Atheros AR5005G Wireless Network Adapter) -> 
{AD73FD96-0209-4421-B2F2-6386667640F4} ->	() -> 
{B32D9C12-74DF-47FA-B2D1-9DE100D3985E} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bw+0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw+0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw-0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw00:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw00s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw-0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw10:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw10s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw20:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw20s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw30:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw30s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw40:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw40s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw50:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw50s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw60:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw60s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw70:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw70s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw80:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw80s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw90:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bw90s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwa0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwa0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwb0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwb0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwc0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwc0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwd0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwd0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwe0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwe0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwf0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwf0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwg0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwg0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwh0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwh0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwi0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwi0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwj0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwj0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwk0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwk0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwl0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwl0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwm0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwm0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwn0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwn0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwo0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwo0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwp0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwp0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwq0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwq0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwr0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwr0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bws0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bws0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwt0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwt0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwu0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwu0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwv0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwv0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bww0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bww0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwx0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwx0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwy0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwy0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwz0:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
bwz0s:{cd3fec9a-155f-4ab6-8bac-e27e26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
offline-8876480:{CD3FEC9A-155F-4AB6-8BAC-E27E26681440} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll[Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 20778 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 7/6/2006 12:49:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox] -> Yahoo! Inc. [Ver = 2.1.0.175 (Build 175) | Size = 6366712 bytes | Modified Date = 4/27/2007 11:09:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 7:56:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 6:19:14 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/22/2006 8:02:09 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 3:01:25 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\kdx\khost.exe -> C:\WINDOWS\kdx\khost.exe [C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager] -> Kontiki Inc. [Ver = 4.20.51004.0 | Size = 2260992 bytes | Modified Date = 10/4/2005 2:12:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 7/6/2006 12:49:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe -> C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe [C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 23 | Size = 901120 bytes | Modified Date = 3/3/2005 1:21:06 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Willie P\My Documents\LimeWire\LimeWire.exe -> C:\Documents and Settings\Willie P\My Documents\LimeWire\LimeWire.exe [C:\Documents and Settings\Willie P\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Documents\LimeWire\LimeWire.exe -> C:\Documents and Settings\All Users\Documents\LimeWire\LimeWire.exe [C:\Documents and Settings\All Users\Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire] ->  [Ver =  | Size = 159744 bytes | Modified Date = 6/21/2006 6:58:33 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 588080 bytes | Modified Date = 11/15/2007 4:14:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 1/15/2008 3:22:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\BitDownload\BitDownload.exe -> E:\BitDownload\BitDownload.exe [E:\BitDownload\BitDownload.exe:*:Disabled:Warez3] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Disabled:Warez3] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 8:24:37 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Team17\Worms World Party\wwp.exe -> C:\Team17\Worms World Party\wwp.exe [C:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party] -> Team17 Software Ltd [Ver = 1, 0, 0, 0 | Size = 3104768 bytes | Modified Date = 5/14/2001 12:36:40 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{008D69EB-70FF-46AB-9C75-924620DF191A} -> TOSHIBA Speech System SR Engine(U.S.) Version1.0
{05832D65-6EDB-4D32-BA78-BCD0E2B91C02} -> Atheros Wireless LAN MiniPCI card Driver
{06E742E0-DF42-4685-A210-B26445939248} -> Xtreme Desktop
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA
{12B3A009-A080-4619-9A2A-C6DB151D8D67} -> TOSHIBA Assist
{12F7033F-3B47-4C9E-AB20-2EC556C40287} -> Microsoft .NET Compact Framework 1.0 SP3
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{1E04F83B-2AB9-4301-9EF7-E86307F79C72} -> Google Earth
{1E88F516-C8AA-4D17-9A54-8AB0768F34C1} -> Retrospect Express HD 1.0
{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} -> Rhapsody Player Engine
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{231F68F4-70E4-41A6-BEDA-7E7934169B54} -> Maxtor OneTouch
{2DBE41DD-2129-4C65-A3D3-5647236A60F3} -> Quicken 2005
{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3} -> Logitech SetPoint
{2FCE4FC5-6930-40E7-A4F1-F862207424EF} -> InterVideo WinDVD Creator 2
{3248F0A8-6813-11D6-A77B-00B0D0150010} -> J2SE Runtime Environment 5.0 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9
{3248F0A8-6813-11D6-A77B-00B0D0150100} -> J2SE Runtime Environment 5.0 Update 10
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{3FBF6F99-8EC6-41B4-8527-0A32241B5496} -> TOSHIBA Speech System TTS Engine(U.S.) Version1.0
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
{425A2BC2-AA64-4107-9C29-484245BBEA05} -> TOSHIBA Software Upgrades
{5D96E2B1-D9AC-46E0-9073-425C5F63E338} -> Touch and Launch
{64212898-097F-4F3F-AECA-6D34A7EF82DF} -> TOSHIBA Zooming Utility
{64DD71BC-3109-4C88-9AD3-D5422644B722} -> TOSHIBA Hotkey Utility
{69BE47C2-36FE-4397-8199-85D8EAE69982} -> TOSHIBA TouchPad ON/Off Utility
{6BCCFFB7-97D9-40F7-9B29-0DECE6AB56E8} -> SmartST Desktop Version 3 for iCN600 Series
{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} -> QuickTime
{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE} -> Atheros Client Utility
{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C} -> TOSHIBA Utilities
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{8B12BA86-ADAC-4BA6-B441-FFC591087252} -> TOSHIBA Virtual Sound
{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} -> The Sims 2 University
{900B1197-53F5-4F46-A882-2CFFFE2EEDCB} -> Logitech Desktop Messenger
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD for TOSHIBA
{91A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003
{94FB906A-CF42-4128-A509-D353026A607E} -> REALTEK Gigabit and Fast Ethernet NIC Driver
{9559F7CA-5E34-4237-A2D9-D856464AD727} -> Project64 1.6
{9A200E68-D5F4-4E70-910F-2871753A0E2B} -> Worms World Party
{9D765FA6-F2BC-40AF-8145-50808F9BDF4E} -> DVD-RAM Driver
{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D} -> CD/DVD Drive Acoustic Silencer
{A0EB195B-5876-48E6-879D-33D4B2102610} -> SonicStage 3.3
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6} -> TOSHIBA Controls
{AC76BA86-7AD7-1033-7B44-A81000000003} -> Adobe Reader 8.1.1
{B1DB1754-4D47-43AE-8515-D545D93B2D6D} -> Logitech QuickCam Software
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update
{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94} -> iTunes
{BA561482-C49D-4687-A61C-96236C1688F0} -> ArcSoft Software Suite
{BDD83DC9-BEE9-4654-A5DA-CC46C250088D} -> TOSHIBA ConfigFree
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88} -> Microsoft Plus! Digital Media Edition
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D1696920-9794-4BBC-8A30-7A88763DE5A2} -> ABBYY FineReader 5.0 Sprint
{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} -> Apple Mobile Device Support
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer
{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4} -> Dragon NaturallySpeaking 8
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware 2007
{E9ED0801-253D-4FE9-AB20-F63DEFE72547} -> SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
{E9F81423-211E-46B6-9AE0-38568BC5CF6F} ->			 
{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168} -> Yahoo! Music Jukebox
{EE033C1F-443E-41EC-A0E2-559B539A4E4D} -> TOSHIBA Speech System Applications
{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8} -> Microsoft Plus! for Windows XP
{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1} -> The Sims Complete Collection
{F45298E5-0083-426F-A668-1A2C5F04B8A0} -> FaxTools
{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} -> OpenMG Secure Module 4.3.00
{F6C405D2-C50D-4D10-B89E-73A233A14D74} -> Toshiba Registration
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
7-Zip -> 7-Zip 4.57
ActiveXControlPad -> Microsoft ActiveX Control Pad
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0
Adobe Shockwave Player -> Adobe Shockwave Player
adssite -> Browser Optimizer Adssite
All ATI Software -> ATI - Software Uninstall Utility
America Online us -> America Online (Choose which version to remove)
AOL Spyware Protection -> AOL Spyware Protection
AT&T Connection Services Software -> AT&T Connection Services Manager
ATI Display Driver -> ATI Display Driver
AviSynth -> AviSynth 2.5
cayahooantispy -> CA Yahoo! Anti-Spy (remove only)
CdaC13Ba -> Cda Product Service - shared component
comcastDD -> Desktop Doctor
ComcastHSI -> Comcast High-Speed Internet Install Wizard
ComcastToolbar -> Comcast Toolbar
DECCHECK -> Microsoft Windows XP Video Decoder Checkup Utility
Free iPod Video Converter_is1 -> Free iPod Video Converter 1.34
Game Elements GGE910 Wireless PC Control Pad -> Game Elements GGE910 Wireless PC Control Pad
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
hp photosmart 140 series_Driver -> hp photosmart 140 series
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54} -> Maxtor OneTouch
InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3} -> Quicken 2005
InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547} -> SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} -> OpenMG Secure Module 4.3.00
InterActual Player -> InterActual Player
KB867282 -> Windows XP Hotfix - KB867282
KB873333 -> Windows XP Hotfix - KB873333
KB873339 -> Windows XP Hotfix - KB873339
KB884018 -> Windows XP Hotfix - KB884018
KB885250 -> Windows XP Hotfix - KB885250
KB885835 -> Windows XP Hotfix - KB885835
KB885836 -> Windows XP Hotfix - KB885836
KB885855 -> Windows XP Hotfix - KB885855
KB886185 -> Windows XP Hotfix - KB886185
KB887472 -> Windows XP Hotfix - KB887472
KB887742 -> Windows XP Hotfix - KB887742
KB888113 -> Windows XP Hotfix - KB888113
KB888302 -> Windows XP Hotfix - KB888302
KB889673 -> Windows XP Hotfix - KB889673
KB890046 -> Security Update for Windows XP (KB890046)
KB890047 -> Windows XP Hotfix - KB890047
KB890175 -> Windows XP Hotfix - KB890175
KB890859 -> Windows XP Hotfix - KB890859
KB891781 -> Windows XP Hotfix - KB891781
KB893066 -> Security Update for Windows XP (KB893066)
KB893756 -> Security Update for Windows XP (KB893756)
KB893803v2 -> Windows Installer 3.1 (KB893803)
KB894391 -> Update for Windows XP (KB894391)
KB895200 -> Hotfix for Windows XP (KB895200)
KB896358 -> Security Update for Windows XP (KB896358)
KB896422 -> Security Update for Windows XP (KB896422)
KB896423 -> Security Update for Windows XP (KB896423)
KB896424 -> Security Update for Windows XP (KB896424)
KB896428 -> Security Update for Windows XP (KB896428)
KB896688 -> Security Update for Windows XP (KB896688)
KB898461 -> Update for Windows XP (KB898461)
KB899587 -> Security Update for Windows XP (KB899587)
KB899591 -> Security Update for Windows XP (KB899591)
KB900485 -> Update for Windows XP (KB900485)
KB900725 -> Security Update for Windows XP (KB900725)
KB901017 -> Security Update for Windows XP (KB901017)
KB901190 -> Security Update for Windows XP (KB901190)
KB901214 -> Security Update for Windows XP (KB901214)
KB902344 -> Hotfix for Windows Media Format SDK (KB902344)
KB902400 -> Security Update for Windows XP (KB902400)
KB904706 -> Security Update for Windows XP (KB904706)
KB904942 -> Update for Windows XP (KB904942)
KB905414 -> Security Update for Windows XP (KB905414)
KB905749 -> Security Update for Windows XP (KB905749)
KB905915 -> Security Update for Windows XP (KB905915)
KB908519 -> Security Update for Windows XP (KB908519)
KB908531 -> Update for Windows XP (KB908531)
KB910437 -> Update for Windows XP (KB910437)
KB910998 -> Hotfix for Windows Media Format SDK (KB910998)
KB911280 -> Update for Windows XP (KB911280)
KB911562 -> Security Update for Windows XP (KB911562)
KB911564 -> Security Update for Windows Media Player (KB911564)
KB911565 -> Security Update for Windows Media Player 10 (KB911565)
KB911567 -> Security Update for Windows XP (KB911567)
KB911927 -> Security Update for Windows XP (KB911927)
KB912919 -> Security Update for Windows XP (KB912919)
KB913446 -> Security Update for Windows XP (KB913446)
KB913580 -> Security Update for Windows XP (KB913580)
KB914388 -> Security Update for Windows XP (KB914388)
KB914389 -> Security Update for Windows XP (KB914389)
KB914440 -> Hotfix for Windows XP (KB914440)
KB915865 -> Hotfix for Windows XP (KB915865)
KB916281 -> Security Update for Windows XP (KB916281)
KB916595 -> Update for Windows XP (KB916595)
KB917159 -> Security Update for Windows XP (KB917159)
KB917344 -> Security Update for Windows XP (KB917344)
KB917422 -> Security Update for Windows XP (KB917422)
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)
KB917953 -> Security Update for Windows XP (KB917953)
KB918118 -> Security Update for Windows XP (KB918118)
KB918439 -> Security Update for Windows XP (KB918439)
KB918899 -> Security Update for Windows XP (KB918899)
KB919007 -> Security Update for Windows XP (KB919007)
KB920213 -> Security Update for Windows XP (KB920213)
KB920214 -> Security Update for Windows XP (KB920214)
KB920670 -> Security Update for Windows XP (KB920670)
KB920683 -> Security Update for Windows XP (KB920683)
KB920685 -> Security Update for Windows XP (KB920685)
KB920872 -> Update for Windows XP (KB920872)
KB921398 -> Security Update for Windows XP (KB921398)
KB921503 -> Security Update for Windows XP (KB921503)
KB921883 -> Security Update for Windows XP (KB921883)
KB922582 -> Update for Windows XP (KB922582)
KB922616 -> Security Update for Windows XP (KB922616)
KB922819 -> Security Update for Windows XP (KB922819)
KB923191 -> Security Update for Windows XP (KB923191)
KB923414 -> Security Update for Windows XP (KB923414)
KB923694 -> Security Update for Windows XP (KB923694)
KB923980 -> Security Update for Windows XP (KB923980)
KB924191 -> Security Update for Windows XP (KB924191)
KB924270 -> Security Update for Windows XP (KB924270)
KB924496 -> Security Update for Windows XP (KB924496)
KB924667 -> Security Update for Windows XP (KB924667)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB925486 -> Security Update for Windows XP (KB925486)
KB925902 -> Security Update for Windows XP (KB925902)
KB926239 -> Hotfix for Windows XP (KB926239)
KB926255 -> Security Update for Windows XP (KB926255)
KB926436 -> Security Update for Windows XP (KB926436)
KB927779 -> Security Update for Windows XP (KB927779)
KB927802 -> Security Update for Windows XP (KB927802)
KB927891 -> Update for Windows XP (KB927891)
KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090)
KB928255 -> Security Update for Windows XP (KB928255)
KB928843 -> Security Update for Windows XP (KB928843)
KB929123 -> Security Update for Windows XP (KB929123)
KB929338 -> Update for Windows XP (KB929338)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969)
KB930178 -> Security Update for Windows XP (KB930178)
KB930916 -> Update for Windows XP (KB930916)
KB931261 -> Security Update for Windows XP (KB931261)
KB931768-IE7 -> Security Update for Windows Internet Explorer 7 (KB931768)
KB931784 -> Security Update for Windows XP (KB931784)
KB931836 -> Update for Windows XP (KB931836)
KB932168 -> Security Update for Windows XP (KB932168)
KB933360 -> Update for Windows XP (KB933360)
KB933566-IE7 -> Security Update for Windows Internet Explorer 7 (KB933566)
KB933729 -> Security Update for Windows XP (KB933729)
KB935839 -> Security Update for Windows XP (KB935839)
KB935840 -> Security Update for Windows XP (KB935840)
KB936021 -> Security Update for Windows XP (KB936021)
KB936357 -> Update for Windows XP (KB936357)
KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782)
KB937143-IE7 -> Security Update for Windows Internet Explorer 7 (KB937143)
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)
KB938828 -> Update for Windows XP (KB938828)
KB938829 -> Security Update for Windows XP (KB938829)
KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653)
KB939683 -> Hotfix for Windows Media Player 11 (KB939683)
KB941202 -> Security Update for Windows XP (KB941202)
KB941568 -> Security Update for Windows XP (KB941568)
KB941569 -> Security Update for Windows XP (KB941569)
KB941644 -> Security Update for Windows XP (KB941644)
KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)
KB942763 -> Update for Windows XP (KB942763)
KB943055 -> Security Update for Windows XP (KB943055)
KB943460 -> Security Update for Windows XP (KB943460)
KB943485 -> Security Update for Windows XP (KB943485)
KB944533-IE7 -> Security Update for Windows Internet Explorer 7 (KB944533)
KB944653 -> Security Update for Windows XP (KB944653)
KB946026 -> Security Update for Windows XP (KB946026)
KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 3.5.7
Lexmark 1200 Series -> Lexmark 1200 Series
LimeWire -> LimeWire 4.14.10
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.12) -> Mozilla Firefox (2.0.0.12)
MSC -> McAfee SecurityCenter
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MSNINST -> MSN
MXOFX -> USB Storage Adapter FX (MXO)
Nero - Burning Rom!UninstallKey -> Nero 6
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Notebook_Maximizer -> Notebook Maximizer
OpenMG HotFix4.3-05-09-14-01 -> OpenMG Limited Patch 4.3-05-10-05-01
OtsTurntables -> OtsTurntables 1.00.012
Panda ActiveScan -> Panda ActiveScan
PC Diagnostic Tool -> TOSHIBA PC Diagnostic Tool
Port Magic -> Pure Networks Port Magic
Power Saver -> TOSHIBA Power Saver
PSP Video 9 -> PSP Video 9 1.74
PSPVideoExpress -> PSP Video Express(remove only)
QcDrv -> Logitech Camera Driver
sat_screensaver_30mb.scr -> sat_screensaver_30mb
ShockwaveFlash -> Adobe Flash Player 9 ActiveX
StreetPlugin -> Learn2 Player (Uninstall Only)
SynTPDeinstKey -> Synaptics Pointing Device Driver
TOSHIBA Software Modem -> TOSHIBA Software Modem
Toshiba Tbiosdrv Driver -> Toshiba Tbiosdrv Driver
TTM70 -> Talk to Me
UnixUtils for Yahoo! Widgets -> Unix Utilities for Yahoo! Widgets
ViewpointMediaPlayer -> Viewpoint Media Player
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
WIC -> Windows Imaging Component
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Anti-Spy -> Yahoo! Anti-Spy
Yahoo! Companion -> Yahoo! Toolbar
Yahoo! Customizations -> Yahoo! Browser Services
Yahoo! Internet Mail -> Yahoo! Mail
Yahoo! Messenger -> Yahoo! Messenger
Yahoo! Widget Engine -> Yahoo! Widgets
YMEPlugins_InTheLoop -> In The Loop
Zuma Deluxe 1.0 -> Zuma Deluxe 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
BitTorrent -> BitTorrent
GoToMeeting -> GoToMeeting/GoToWebinar 3.0.0.198


[Files/Folders - Created Within 30 days]
C_DILLA -> %SystemDrive%\C_DILLA ->  [Folder | Created Date = 2/10/2008 11:32:28 PM | Attr =  H ]
CDAC11BA.EXE -> %SystemRoot%\System32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 2/10/2008 11:32:22 PM | Attr =	]
CDAC15BA.SYS -> %SystemRoot%\System32\drivers\CDAC15BA.SYS ->  [Ver =  | Size = 8864 bytes | Modified Date = 2/10/2008 11:32:18 PM | Attr =	]
mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Modified Date = 6/25/2007 2:54:44 PM | Attr =	]
mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Modified Date = 6/25/2007 10:57:10 AM | Attr =	]
mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 171240 bytes | Modified Date = 6/25/2007 10:57:20 AM | Attr =	]
mferkdk.sys -> %SystemRoot%\System32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Modified Date = 6/25/2007 10:57:24 AM | Attr =	]
mfesmfk.sys -> %SystemRoot%\System32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Modified Date = 6/25/2007 10:57:28 AM | Attr =	]
Mpfp.sys -> %SystemRoot%\System32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Modified Date = 3/2/2007 2:16:52 PM | Attr =	]
SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/10/2008 10:37:11 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
adssite-remove.exe -> %SystemRoot%\System32\adssite-remove.exe ->  [Ver =  | Size = 80090 bytes | Modified Date = 2/10/2008 11:20:34 PM | Attr =	]
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 7088 bytes | Modified Date = 2/15/2008 7:52:57 AM | Attr =	]
gzmrt.dll -> %SystemRoot%\System32\gzmrt.dll ->  [Ver = 1, 1, 0, 0 | Size = 72192 bytes | Modified Date = 1/25/2008 6:23:24 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/10/2008 10:37:20 PM | Attr =	]
nsqC93.dll -> %SystemRoot%\System32\nsqC93.dll ->  [Ver = 4, 5, 1, 0 | Size = 80896 bytes | Modified Date = 2/7/2008 8:49:54 AM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/10/2008 10:37:20 PM | Attr =	]
rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe ->  [Ver =  | Size = 40724 bytes | Modified Date = 2/2/2008 4:48:15 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/10/2008 10:37:21 PM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]
CdaC13BA.EXE -> %SystemRoot%\CdaC13BA.EXE ->  [Ver = 2.11.040 | Size = 30720 bytes | Modified Date = 2/10/2008 11:32:20 PM | Attr = RH ]
CdaC14BA.DLL -> %SystemRoot%\CdaC14BA.DLL ->  [Ver = 2.11.060 | Size = 112128 bytes | Modified Date = 2/10/2008 11:32:20 PM | Attr = RH ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/5/2008 11:10:03 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/13/2008 8:24:16 AM | Attr =  H ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 346 bytes | Modified Date = 2/5/2008 12:08:27 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 338 bytes | Modified Date = 2/5/2008 12:08:25 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/5/2008 2:30:11 AM | Attr =	]
McAfee -> %AllUsersProfile%\Application Data\McAfee ->  [Folder | Created Date = 2/5/2008 12:00:24 PM | Attr =	]
2008-02-12 18.58 ChatLog.rtf -> %UserProfile%\My Documents\2008-02-12 18.58 ChatLog.rtf ->  [Ver =  | Size = 545 bytes | Modified Date = 2/12/2008 6:58:05 PM | Attr =	]
backups -> %UserProfile%\My Documents\backups ->  [Folder | Created Date = 2/4/2008 11:54:42 AM | Attr =	]
Board_Study_Guide_5_3.pdf -> %UserProfile%\My Documents\Board_Study_Guide_5_3.pdf ->  [Ver =  | Size = 1527208 bytes | Modified Date = 11/20/2007 4:13:34 PM | Attr =	]
Fonts (unzipped) -> %UserProfile%\My Documents\Fonts (unzipped) ->  [Folder | Created Date = 1/28/2008 5:06:42 AM | Attr =	]
Fonts (zipped) -> %UserProfile%\My Documents\Fonts (zipped) ->  [Folder | Created Date = 1/27/2008 8:28:31 PM | Attr =	]
Form W-4 (2008).pdf -> %UserProfile%\My Documents\Form W-4 (2008).pdf ->  [Ver =  | Size = 237721 bytes | Modified Date = 2/11/2008 9:15:47 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1798 bytes | Modified Date = 2/5/2008 2:30:24 AM | Attr =	]
backups -> %UserProfile%\Desktop\backups ->  [Folder | Created Date = 2/4/2008 12:03:35 PM | Attr =	]
g2m_download.exe -> %UserProfile%\Desktop\g2m_download.exe -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 3.0 Build 198 | Size = 94808 bytes | Modified Date = 2/12/2008 6:04:31 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1625 bytes | Modified Date = 2/5/2008 3:58:09 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/13/2008 10:22:03 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Created Date = 2/5/2008 12:07:48 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/5/2008 2:29:04 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/9/2008 11:59:59 AM | Attr =  HS]
C_DILLA -> %SystemDrive%\C_DILLA ->  [Folder | Modified Date = 2/10/2008 11:32:28 PM | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1004851200 bytes | Modified Date = 2/13/2008 8:22:55 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/12/2008 6:04:19 PM | Attr =	]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 1/21/2008 6:56:54 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/13/2008 8:26:16 AM | Attr =	]
CDAC11BA.EXE -> %SystemRoot%\System32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 2/10/2008 11:32:22 PM | Attr =	]
CDAC15BA.SYS -> %SystemRoot%\System32\drivers\CDAC15BA.SYS ->  [Ver =  | Size = 8864 bytes | Modified Date = 2/10/2008 11:32:18 PM | Attr =	]
lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs ->  [Ver =  | Size = 0 bytes | Modified Date = 2/13/2008 8:22:15 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/10/2008 11:20:46 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
adssite-remove.exe -> %SystemRoot%\System32\adssite-remove.exe ->  [Ver =  | Size = 80090 bytes | Modified Date = 2/10/2008 11:20:34 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/13/2008 8:26:05 AM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 7088 bytes | Modified Date = 2/15/2008 7:52:57 AM | Attr =	]
dla -> %SystemRoot%\System32\dla ->  [Folder | Modified Date = 2/10/2008 10:53:11 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 8:16:21 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/13/2008 8:16:21 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 179448 bytes | Modified Date = 2/5/2008 4:24:03 AM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/10/2008 10:00:18 PM | Attr =	]
gzmrt.dll -> %SystemRoot%\System32\gzmrt.dll ->  [Ver = 1, 1, 0, 0 | Size = 72192 bytes | Modified Date = 1/25/2008 6:23:24 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/10/2008 10:37:20 PM | Attr =	]
nsqC93.dll -> %SystemRoot%\System32\nsqC93.dll ->  [Ver = 4, 5, 1, 0 | Size = 80896 bytes | Modified Date = 2/7/2008 8:49:54 AM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/10/2008 10:37:20 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 65446 bytes | Modified Date = 1/22/2008 6:14:16 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 411142 bytes | Modified Date = 1/22/2008 6:14:16 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 463840 bytes | Modified Date = 1/22/2008 6:14:15 PM | Attr =	]
rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe ->  [Ver =  | Size = 40724 bytes | Modified Date = 2/2/2008 4:48:15 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/10/2008 10:37:21 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/10/2008 10:58:55 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2/5/2008 11:11:05 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 2:56:16 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2/10/2008 11:00:03 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/22/2008 6:29:54 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/13/2008 8:23:05 AM | Attr =   S]
CdaC13BA.EXE -> %SystemRoot%\CdaC13BA.EXE ->  [Ver = 2.11.040 | Size = 30720 bytes | Modified Date = 2/10/2008 11:32:20 PM | Attr = RH ]
CdaC14BA.DLL -> %SystemRoot%\CdaC14BA.DLL ->  [Ver = 2.11.060 | Size = 112128 bytes | Modified Date = 2/10/2008 11:32:20 PM | Attr = RH ]
dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 108 bytes | Modified Date = 2/10/2008 11:14:30 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/10/2008 10:49:18 PM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/3/2008 2:05:04 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/28/2008 5:00:06 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 8:16:14 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 8:16:23 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/9/2008 11:59:59 AM | Attr =  HS]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 335 bytes | Modified Date = 2/11/2008 9:19:09 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 1/22/2008 6:29:57 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/12/2008 8:13:39 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/15/2008 8:48:50 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/5/2008 11:10:03 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/13/2008 8:24:16 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/13/2008 8:22:53 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/5/2008 12:08:26 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/15/2008 9:05:12 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 936 bytes | Modified Date = 2/10/2008 10:48:06 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/22/2008 6:14:01 PM | Attr =	]
AD066E64994E0F1C.job -> %SystemRoot%\tasks\AD066E64994E0F1C.job ->  [Ver =  | Size = 272 bytes | Modified Date = 2/15/2008 9:00:01 AM | Attr =  H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/7/2008 12:27:06 PM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 346 bytes | Modified Date = 2/5/2008 12:08:27 PM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 338 bytes | Modified Date = 2/5/2008 12:08:25 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/13/2008 8:23:25 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 1/8/2006 9:55:57 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/13/2008 2:56:40 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/13/2008 2:56:40 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11160 bytes | Modified Date = 2/2/2006 10:13:51 AM | Attr =	]
data.data -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\data.dat ->  [Ver =  | Size = 2524 bytes | Modified Date = 2/3/2007 8:32:51 AM | Attr =	]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 2:26:51 AM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/26/2006 11:40:26 AM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 1/26/2006 11:46:39 AM | Attr =	]
aupd.exe -> C:\Documents and Settings\Willie P\Local Settings\Temp\aupd.exe ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2008 8:46:27 AM | Attr =	]
rtdrvmon.exe -> C:\Documents and Settings\Willie P\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/15/2008 9:21:36 AM | Attr =	]
20 C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp -> 
IadHide5.dll -> C:\Documents and Settings\Willie P\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 7.2.0 (Build 157R) | Size = 24613 bytes | Modified Date = 1/22/2006 8:01:20 PM | Attr =	]
jjbqlsyrUSER.dll -> C:\Documents and Settings\Willie P\Local Settings\Temp\jjbqlsyrUSER.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 2/15/2008 8:45:12 AM | Attr =	]
20 C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Modified Date = 2/14/2008 6:36:25 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/5/2008 2:31:25 AM | Attr =	]
McAfee -> %AllUsersProfile%\Application Data\McAfee ->  [Folder | Modified Date = 2/5/2008 12:13:39 PM | Attr =	]
RetroExp -> %AllUsersProfile%\Application Data\RetroExp ->  [Folder | Modified Date = 2/13/2008 8:39:02 AM | Attr =	]
ComcastToolbar -> %AppData%\ComcastToolbar ->  [Folder | Modified Date = 2/10/2008 11:15:00 PM | Attr =	]
LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 2/2/2008 4:44:20 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 1/21/2008 8:49:56 AM | Attr =   S]
Real -> %AppData%\Real ->  [Folder | Modified Date = 2/5/2008 3:37:03 PM | Attr =	]
wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 1414 bytes | Modified Date = 2/3/2008 2:52:02 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 2/13/2008 8:27:38 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 49008 bytes | Modified Date = 2/5/2008 4:29:26 AM | Attr =	]
2008-02-12 18.58 ChatLog.rtf -> %UserProfile%\My Documents\2008-02-12 18.58 ChatLog.rtf ->  [Ver =  | Size = 545 bytes | Modified Date = 2/12/2008 6:58:05 PM | Attr =	]
backups -> %UserProfile%\My Documents\backups ->  [Folder | Modified Date = 2/4/2008 11:56:03 AM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 2/4/2008 10:17:47 AM | Attr =	]
FamilyGuy_XtremeDesktop_Setup -> %UserProfile%\My Documents\FamilyGuy_XtremeDesktop_Setup ->  [Folder | Modified Date = 1/27/2008 10:00:49 PM | Attr =	]
Fonts (unzipped) -> %UserProfile%\My Documents\Fonts (unzipped) ->  [Folder | Modified Date = 2/1/2008 9:26:15 PM | Attr =	]
Fonts (zipped) -> %UserProfile%\My Documents\Fonts (zipped) ->  [Folder | Modified Date = 1/27/2008 9:13:32 PM | Attr =	]
Form W-4 (2008).pdf -> %UserProfile%\My Documents\Form W-4 (2008).pdf ->  [Ver =  | Size = 237721 bytes | Modified Date = 2/11/2008 9:15:47 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 1/21/2008 6:56:54 PM | Attr = R  ]
Recipes -> %UserProfile%\My Documents\Recipes ->  [Folder | Modified Date = 2/3/2008 1:00:39 AM | Attr = R  ]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1798 bytes | Modified Date = 2/5/2008 2:30:24 AM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 2/7/2008 7:56:28 AM | Attr =	]
backups -> %UserProfile%\Desktop\backups ->  [Folder | Modified Date = 2/4/2008 12:18:26 PM | Attr =	]
g2m_download.exe -> %UserProfile%\Desktop\g2m_download.exe -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 3.0 Build 198 | Size = 94808 bytes | Modified Date = 2/12/2008 6:04:31 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1625 bytes | Modified Date = 2/5/2008 3:58:09 AM | Attr =	]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts ->  [Folder | Modified Date = 1/16/2008 11:00:11 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/15/2008 8:49:52 AM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 2/5/2008 12:11:28 PM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Modified Date = 2/5/2008 3:38:02 PM | Attr =	]
Scanner -> %CommonProgramFiles%\Scanner ->  [Folder | Modified Date = 2/2/2008 4:53:46 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/5/2008 2:29:04 AM | Attr =	]

< End of report >

Edited by pioneer_1973, 15 February 2008 - 12:31 PM.


#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 16 February 2008 - 04:44 AM

Hi,

Please go to add/remove programs and uninstall the following:

Browser Optimizer Adssite
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2

Once done that --

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> postSetupCheck -> %SystemRoot%\system32\gzmrt.dll
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Search Page -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {9C8A568E-4201-478a-8536-526CF371D2E2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nsqC93.dll [ads_optimizer]
[Files/Folders - Created Within 30 days]
NY -> adssite-remove.exe -> %SystemRoot%\System32\adssite-remove.exe
NY -> gzmrt.dll -> %SystemRoot%\System32\gzmrt.dll
NY -> nsqC93.dll -> %SystemRoot%\System32\nsqC93.dll
NY -> rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe
[Files/Folders - Modified Within 30 days]
NY -> adssite-remove.exe -> %SystemRoot%\System32\adssite-remove.exe
NY -> gzmrt.dll -> %SystemRoot%\System32\gzmrt.dll
NY -> nsqC93.dll -> %SystemRoot%\System32\nsqC93.dll
NY -> rightonadz-uninst.exe -> %SystemRoot%\System32\rightonadz-uninst.exe
NY -> AD066E64994E0F1C.job -> %SystemRoot%\tasks\AD066E64994E0F1C.job
NY -> aupd.exe -> C:\Documents and Settings\Willie P\Local Settings\Temp\aupd.exe
NY -> 20 C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Willie P\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#5 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 16 February 2008 - 09:56 AM

All done Mr. Blender, here are the files you requested, I hope you have some good news for me. :thumbsup:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\postSetupCheck deleted successfully.
C:\WINDOWS\system32\gzmrt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\'' updated successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\provider not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}\ deleted successfully.
C:\WINDOWS\system32\nsqC93.dll moved successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\adssite-remove.exe not found!
File C:\WINDOWS\System32\gzmrt.dll not found!
File C:\WINDOWS\System32\nsqC93.dll not found!
C:\WINDOWS\System32\rightonadz-uninst.exe moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\adssite-remove.exe not found!
File C:\WINDOWS\System32\gzmrt.dll not found!
File C:\WINDOWS\System32\nsqC93.dll not found!
File C:\WINDOWS\System32\rightonadz-uninst.exe not found!
C:\WINDOWS\tasks\AD066E64994E0F1C.job moved successfully.
C:\Documents and Settings\Willie P\Local Settings\Temp\aupd.exe moved successfully.
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\~DFB4FE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\~DFB548.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\Perflib_Perfdata_140c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\~DFB4FE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Willie P\Local Settings\Temp\~DFB548.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_02iGRHzCv9ZnP1B scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_CKf9pAxeyeMnPSr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_gHJ0rLhw6r8UyAA scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_HnI35ZSCTXh8ePk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_HrwP2H7oZ6ulD0P scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ISMPXacPSseHsll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_RBfLN7pbIGiOQ91 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a18.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta51 fix logfile created on 02162008_063252

#6 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 16 February 2008 - 03:08 PM

Hi,

Looks like the fix did what I wanted. :blink:
How is the computer acting now?

I'd like to do an online scan please.

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
    http://i266.photobucket.com/albums/ii277/s...Kas-Savetxt.gif
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.

Please also post fresh hijackthis log.
make sure wordwrap is unchecked please before you copy/paste the log.

Don't be alarmed if Kaspersky finds stuff in system restore or _Moved files folder. We'll clean that up when we are done.
None of which can hurt you at the moment.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#7 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 18 February 2008 - 12:22 AM

This is the report for Blender, you said to start a new topic. Hope you have some good news for me.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT


Sunday, February 17, 2008 9:16:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570276
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 123312
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:27:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{719680E3-0E6A-4366-B510-9EBD4E6F013F}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E854E440-3C2D-45A1-89FD-2A741DBE7682}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRB.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\RetroExp\config10.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\RetroExp\operations_log.utx Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Willie P\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Temp\Perflib_Perfdata_5e4.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Temp\~DF28EC.tmp Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Temp\~DF2932.tmp Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Willie P\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willie P\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Willie P\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\L0000018.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Willie P\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP116\A0023099.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP126\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9A52B061-DA23-47C6-92CF-9B6063796B67}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_Ht8Jc4iDfgdlcik Object is locked skipped
C:\WINDOWS\Temp\mcafee_moY2aObGI2vBaIr Object is locked skipped
C:\WINDOWS\Temp\mcmsc_3QrnL4BTWtfmCkG Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ljPcvPUkFU6W6ue Object is locked skipped
C:\WINDOWS\Temp\mcmsc_nNHsshgg8BwYuHl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_QuAmiMWcvdmvaRr Object is locked skipped
C:\WINDOWS\Temp\mcmsc_VQyv79u0pPXj9rt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\LimeWire Downloads\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Mod Edit:Topics merged for continuity ~TMacK

Edited by TMacK, 18 February 2008 - 12:34 AM.


#8 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 19 February 2008 - 11:46 PM

I got another pop up today. This time from something called "AdSite". It came when I used my FireFox. I saw it once before but was hoping it was from the site I was on, but unfortanely not. But it showed "this site can not be displayed" instead of where ever it was tring to get to. Never the less it in my computer somewhere I believe. What does my log from Kapersky show?

#9 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 20 February 2008 - 02:42 AM

Hi,

Sorry for delay.
Not sure how I gave message to start new topic -- Let's stay in this one please. :blink:

Kaspersky log looks pretty good.
Couple items in system restore which we'll fix later.

This file -- you need to delete:

E:\LimeWire Downloads\06 Track 6.wma

----------------------

FF popups --

Open Firefox
click "tools" then "add-ons"
Extensions should be hilighted.
There should be one there called "adsite", "adpops" or similar.
Hilight it and choose "Uninstall"

Let me know if that helps or not.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#10 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 20 February 2008 - 08:54 PM

I got confused when you said to post another HijackThis log, I thought you meant start a new topic :thumbsup: Anyway here's the new log. Also there was no "Ad-...." anything under FireFox add-ons. I have Ad-Blocker which prevents pop ups from showing on the site you are viewing, but that's it. Hopefully it was in the 'Track 06' you told me to delete. Here's the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:28 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd6FDB.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Willie P\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://browser.skillport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: bw+0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 25228 bytes

#11 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 20 February 2008 - 11:13 PM

Hi,

Thanks for the log.
I see the popup maker now :blink:

Start Hijackthis
Run system scan and check:

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd6FDB.dll
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


Close all open windows and click "fix checked"
Say OK and reboot.

Post fresh hijackthis log please.
Let me know if the popups quit.

Thanks :thumbsup:

Note:
The last 2 items I have you fixing are not malicious. (so don't delete files) Rather just an annoying program bundled with logitech products that give you periodic messages about deals, and all this (what they think is) great stuff to buy.
You can visit the site if you wanna shop logitech.
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#12 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 22 February 2008 - 03:46 AM

No more pop ups thus far! Here's the latest log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:05 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Willie P\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://browser.skillport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: bw+0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 24827 bytes

#13 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 24 February 2008 - 10:20 PM

I've been sick the past few days, so I haven't been on the computer. But I got on today and got another pop up. It said "Ads by Adsite" on the window's name (at least the "CiD" ones appear to be gone), think you can get rid of it?

#14 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:17 AM

Posted 29 February 2008 - 04:32 AM

Hi,

Sorry for delay. Hope you are feeling better.
My internet has been sick the last few days. :blink:

Can you post me a fresh hijackthis log please? I'd like to see if that ad-site toolbar is back.

Is this popup occurring in IE or Firefox or both?

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#15 pioneer_1973

pioneer_1973
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 02 March 2008 - 12:47 AM

It has happened on both IE anf FireFox, but when it happens on FireFox, FireFox doesn't allow it to display for some reason. Here's another Log freshly made (don't you just love that new log smell?). Noticed a BHO that says something about "ad optimizer", could that be the problem? Take a look...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:16 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsi24E.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Willie P\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://browser.skillport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: bw+0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CD3FEC9A-155F-4AB6-8BAC-E27E26681440} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 25109 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users