Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer possible trojans


  • This topic is locked This topic is locked
22 replies to this topic

#1 stjohn

stjohn

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 02:15 PM

I think I may be very infected as I have been having problems with freezing and crashing. I have used peer to peer programmes such as Limewire in the past but have been warned against it and have removed these and ceased using them and trying to clean up my system. I am fairly certain these created the problem. I hope you can help me and if so, I promise never to use them again!!!! :thumbsup:
I have prepared a Hijackthis log and Adaware, Spybot Search and Destroy, Malwarebytes and Avira logs. I have also used ATF cleaner.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:31 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
E:\Winamp\winampa.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.206.65.68 10.206.65.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.206.65.68 10.206.65.68
O18 - Protocol: bw+0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: nielvp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 21954 bytes

BC AdBot (Login to Remove)

 


#2 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 02:23 PM

This is the Adaware log.

SUMMARY OF SCAN

AD-AWARE

Ad-Aware Build
Log File Created on: 2008-10-21 13:32:27
Using Definitions File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: BADCARDZ-7E7BD3
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Duron™ Processor
Memory Available: 35%
Total Physical Memory: 536330240 Bytes
Available Physical Memory: 186994688 Bytes
Total Page File Size: 1310986240 Bytes
Available On Page File: 524836864 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 20123648 Bytes
OS: Microsoft Windows XP Service Pack 3 (Build 2600)

Ad-Aware Settings
===========================
Safe Mode enabled (deletes has to be confirmed)
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 0


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Unloading Explorer if necessary during removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 132
Build Number: 0
Build Date and Time: 2008/10/20 12:17:44

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 180274
Infections Detected: 1
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Recent Count: 6

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\winmm.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\dimsntfy.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winspool.drv

c:\windows\system32\rsaenh.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\cscui.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\psapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\nwprovau.dll

c:\windows\system32\scecli.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\psbase.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wshisn.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\eapolqec.dll

c:\windows\system32\atl.dll

c:\windows\system32\qutil.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\dot3api.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\rastls.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\psapi.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\nwwks.dll

c:\windows\system32\nwprovau.dll

c:\windows\system32\mpr.dll

c:\windows\system32\nwapi32.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\dot3dlg.dll

c:\windows\system32\onex.dll

c:\windows\system32\eappcfg.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\es.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\sens.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\sxs.dll

c:\windows\system32\w32time.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\browser.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\hid.dll

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasqec.dll

c:\windows\system32\ipxwan.dll

c:\windows\system32\adptif.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\winrnr.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\advpack.dll

c:\windows\system32\wups.dll

c:\windows\system32\wups2.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\regsvc.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware\ceapi.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\lavasoft\ad-aware\pkarchive85u.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\mlang.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\cnmlm8s.dll

c:\windows\system32\psapi.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\cnmpd8s.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\nwprovau.dll

c:\windows\system32\mpr.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\avira\antivir personaledition classic\sched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\program files\avira\antivir personaledition classic\msvcr71.dll

c:\program files\avira\antivir personaledition classic\msvcp71.dll

c:\windows\system32\imm32.dll

c:\program files\avira\antivir personaledition classic\schedr.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\winmm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\program files\avira\antivir personaledition classic\avevtlog.dll

c:\program files\avira\antivir personaledition classic\sqlite3.dll

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\program files\avira\antivir personaledition classic\avguard.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\program files\avira\antivir personaledition classic\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\program files\avira\antivir personaledition classic\avevtlog.dll

c:\program files\avira\antivir personaledition classic\guardmsg.dll

c:\program files\avira\antivir personaledition classic\sqlite3.dll

c:\program files\avira\antivir personaledition classic\avpref.dll

c:\program files\avira\antivir personaledition classic\smtplib.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\program files\avira\antivir personaledition classic\avgio.dll

c:\windows\system32\fltlib.dll

c:\program files\avira\antivir personaledition classic\aecore.dll

c:\program files\avira\antivir personaledition classic\aevdf.dll

c:\program files\avira\antivir personaledition classic\aescript.dll

c:\program files\avira\antivir personaledition classic\aescn.dll

c:\program files\avira\antivir personaledition classic\aerdl.dll

c:\program files\avira\antivir personaledition classic\aepack.dll

c:\program files\avira\antivir personaledition classic\unacev2.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\program files\avira\antivir personaledition classic\aeoffice.dll

c:\program files\avira\antivir personaledition classic\aeheur.dll

c:\program files\avira\antivir personaledition classic\aehelp.dll

c:\program files\avira\antivir personaledition classic\aegen.dll

c:\program files\avira\antivir personaledition classic\aeemu.dll

c:\program files\avira\antivir personaledition classic\aebb.dll

c:\program files\avira\antivir personaledition classic\avipc.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\program files\common files\ahead\lib\nerosearchbar.dll

c:\program files\common files\ahead\lib\msvcr71.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

c:\program files\common files\ahead\lib\mfc71u.dll

c:\program files\common files\ahead\lib\msvcp71.dll

c:\program files\common files\ahead\lib\bcgcbpro860un71.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\mfc71enu.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\mlang.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\dot3api.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\dot3dlg.dll

c:\windows\system32\onex.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\eappcfg.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\nwprovau.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\sxs.dll

c:\program files\common files\ahead\lib\nerodigitalext.dll

c:\program files\common files\ahead\lib\mfc71.dll

c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

C:\WINDOWS\SYSTEM32\BMWEBCFG.EXE
c:\windows\system32\bmwebcfg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\imm32.dll

C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
c:\program files\bonjour\mdnsresponder.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

C:\PROGRAM FILES\WINDOWS LIVE\FAMILY SAFETY\FSSSVC.EXE
c:\program files\windows live\family safety\fsssvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\version.dll

c:\program files\windows live\family safety\msidcrl40.dll

c:\windows\system32\shell32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\userenv.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\program files\windows live\family safety\fsssvcps.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\schannel.dll

C:\PROGRAM FILES\CANON\IJPLM\IJPLMSVC.EXE
c:\program files\canon\ijplm\ijplmsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\psapi.dll

c:\windows\system32\winspool.drv

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\actxprxy.dll

C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE CONNECT\BIN\MOBILECONNECT.EXE
c:\program files\vodafone\vodafone mobile connect\bin\mobileconnect.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\imm32.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\08f80143fa483847bc28ffca256471df\mscorlib.ni.dll

c:\windows\system32\ole32.dll

c:\windows\system32\uxtheme.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system\36215bd7e87c3c4f8c01a60d265f8ec1\system.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\mobileconnect\f3c1629ceb429f4bacbb1018f2cccb7e\mobileconnect.ni.exe

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.ui.commondialogs\874cf66649d1da4b9b37ae0d420ccb01\vmc.ui.commondialogs.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.connectionservi#\2e27b4383fee3f44bf81f833348c6a3a\vmc.connectionservicesinterface.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.windowsservice.#\c5f195268fa5c443aa42f623486cacf6\vmc.windowsservice.core.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.pl#\c8739e6d72cb1f4c9f2e3b3115eaa54f\vmc.baseservices.platform.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.da#\48d74c09845c854eaff4728a0733b1f6\vmc.baseservices.dataaccessor.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.connectionservi#\901670cb517e884cafe95da815a1395b\vmc.connectionservices.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.windowsservice.#\ae8a3319c9f0554f963184879641263a\vmc.windowsservice.messaging.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.connectionservi#\f61cebe060c4744abb4308a2c32b1a9e\vmc.connectionservices.trafficoptimiser.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\360ed3967d9b364f874435a6a4c29682\system.drawing.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\147010fd315e774cbd8257c1c9941115\system.windows.forms.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\interop.dwupdateser#\e4e69f8af360c74abfd0fa6ce57bfe44\interop.dwupdateservicelib.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.xm#\00a7d1ca36b71b439b409f2a52a748bc\vmc.baseservices.xmlserializers.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.ou#\974fa49bde8f924fad7828df8de05316\vmc.baseservices.outlookconnector.ni.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\version.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\7ef01992a6fd4a48ae6905ed4e971948\system.configuration.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\34517e71c1c0894ca7643881bea4681f\system.xml.ni.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6c9b2f0af3933545a4bc03bcb9280f19\system.management.ni.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msctf.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.serviceproce#\1b503cb53a00d34cabb0eaef3023b3de\system.serviceprocess.ni.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctfime.ime

c:\windows\assembly\nativeimages_v2.0.50727_32\system.security\585bb2fe61fe534d8db4972bd8c90a79\system.security.ni.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\771e0a1fabab7941b9cdbad86fb5b896\system.data.ni.dll

c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll

c:\windows\system32\sxs.dll

c:\program files\common files\system\ole db\oledb32.dll

c:\windows\system32\msdart.dll

c:\windows\system32\comdlg32.dll

c:\program files\common files\system\ole db\oledb32r.dll

c:\windows\system32\msjetoledb40.dll

c:\windows\system32\msjet40.dll

c:\windows\system32\mswstr10.dll

c:\windows\system32\msjter40.dll

c:\windows\system32\msjint40.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\4ec54a122d0b75469de7f30fdbe220b6\system.transactions.ni.dll

c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll

c:\windows\system32\msjtes40.dll

c:\windows\system32\vbajet32.dll

c:\windows\system32\expsrv.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.runtime.remo#\2c56fa2207709245bf03671216a2d153\system.runtime.remoting.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\wwanwrapper\ad377b56dcdbdc4fbd6d8daf38f89bfb\wwanwrapper.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\csutil\876aeffea37b9845a54d2eeb7faf54d0\csutil.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\interop.shell32\0a1c8374ec7d1c4fbed82aac033ac799\interop.shell32.ni.dll

c:\program files\vodafone\vodafone mobile connect\bin\wwanwrapper.dll

c:\program files\vodafone\vodafone mobile connect\bin\wwancore.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\psapi.dll

c:\program files\vodafone\vodafone mobile connect\bin\diagnostic.dll

c:\program files\vodafone\vodafone mobile connect\bin\toolbx.dll

c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

c:\program files\vodafone\vodafone mobile connect\bin\devwiz.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80enu.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\interop.ngclnapilib\75f75ff5a7b6c54183e670171387477b\interop.ngclnapilib.ni.dll

c:\windows\system32\rsaenh.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll

c:\windows\system32\msi.dll

c:\program files\vodafone\vodafone mobile connect\optimization client\bmapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\netman.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\dot3api.dll

c:\windows\system32\dot3dlg.dll

c:\windows\system32\onex.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\eappcfg.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\eapolqec.dll

c:\windows\system32\qutil.dll

c:\windows\system32\esent.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\program files\vodafone\vodafone mobile connect\bin\en-gb\mobileconnect.resources.dll

c:\windows\system32\urlmon.dll

c:\program files\vodafone\vodafone mobile connect\bin\csutil.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msxml3.dll

c:\program files\vodafone\vodafone mobile connect\bin\en-gb\vmc.ui.commondialogs.resources.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\userenv.dll

c:\windows\system32\sensapi.dll

c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll

C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_07\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE
c:\program files\avira\antivir personaledition classic\avgnt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\program files\avira\antivir personaledition classic\mfc71u.dll

c:\program files\avira\antivir personaledition classic\msvcr71.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\comctl32.dll

c:\program files\avira\antivir personaledition classic\cclib.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\program files\avira\antivir personaledition classic\msvcp71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\mfc71enu.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\program files\avira\antivir personaledition classic\ccgen.dll

c:\program files\avira\antivir personaledition classic\ccgenrc.dll

c:\program files\avira\antivir personaledition classic\ccguard.dll

c:\program files\avira\antivir personaledition classic\ccgrdrc.dll

c:\program files\avira\antivir personaledition classic\avipc.dll

c:\program files\avira\antivir personaledition classic\ccupdate.dll

c:\program files\avira\antivir personaledition classic\ccupdrc.dll

c:\program files\avira\antivir personaledition classic\cclic.dll

c:\program files\avira\antivir personaledition classic\cclicrc.dll

c:\program files\avira\antivir personaledition classic\ccmsg.dll

c:\windows\system32\msctf.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE
c:\program files\google\google talk\googletalk.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\riched20.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msctfime.ime

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\msimtf.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\jscript.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msv1_0.dll

C:\PROGRAM FILES\CANON\MYPRINTER\BJMYPRT.EXE
c:\program files\canon\myprinter\bjmyprt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\program files\canon\myprinter\bjmyres.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\COMMON FILES\LOGITECH\LCOMMGR\COMMUNICATIONS_HELPER.EXE
c:\program files\common files\logitech\lcommgr\communications_helper.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\program files\common files\logitech\lcommgr\atl80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\WINDOWS LIVE\FAMILY SAFETY\FSSUI.EXE
c:\program files\windows live\family safety\fssui.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msi.dll

c:\program files\windows live\family safety\fsssvcps.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
c:\program files\windows live\messenger\msnmsgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

c:\program files\windows live\messenger\msncore.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\msacm32.dll

c:\program files\windows live\messenger\msidcrl40.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\windows live\messenger\contactsux.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\userenv.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\inetcomm.dll

c:\windows\system32\msoert2.dll

c:\windows\system32\inetres.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mlang.dll

c:\program files\windows live\messenger\msgslang.8.5.1302.1018.dll

c:\program files\windows live\messenger\msgsres.dll

c:\program files\windows live\messenger\custsat.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\es.dll

c:\program files\windows live\messenger\lcapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\dsound.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msdmo.dll

c:\program files\windows live\messenger\rtmpltfm.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\devenum.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\d3dim700.dll

c:\windows\system32\dpnhupnp.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\winrnr.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\schannel.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\sxs.dll

c:\program files\windows live\messenger\msgswcam.dll

c:\windows\system32\sirenacm.dll

c:\windows\system32\riched20.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\msi.dll

c:\program files\windows live\messenger\lmcdata.dll

c:\program files\windows live\messenger\contact.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\ieframe.dll

c:\program files\windows live\messenger\dfsr.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

c:\windows\system32\esent.dll

c:\program files\windows live\messenger\abssm.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\program files\windows live\messenger\usnsvcps.dll

c:\windows\system32\ksuser.dll

c:\windows\system32\wmadmod.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\jscript.dll

c:\windows\system32\macromed\flash\flash10a.ocx

c:\windows\system32\comdlg32.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\mscoree.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorie.dll

c:\windows\system32\dxtrans.dll

c:\windows\system32\ddrawex.dll

c:\windows\system32\imgutil.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\dot3api.dll

c:\windows\system32\dot3dlg.dll

c:\windows\system32\onex.dll

c:\windows\system32\eappcfg.dll

c:\windows\system32\eappprxy.dll

c:\program files\windows live\messenger\lcres.dll

c:\windows\system32\quartz.dll

c:\windows\system32\rsvpsp.dll

C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
c:\program files\messenger\msmsgs.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpob2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\sxs.dll

c:\windows\system32\es.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\credui.dll

c:\windows\system32\msi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msv1_0.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\msctfime.ime

C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\imm32.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\backweb.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\bwsec.dll

c:\windows\system32\msvcrt.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\clntutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\winmm.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wsock32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\progra~1\logitech\deskto~1\8876480\720~1.157\program\en\clientrc.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\feclient.dll

c:\windows\system32\mpr.dll

c:\windows\system32\userenv.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\program files\logitech\desktop messenger\8876480\program\bwfiles-8876480.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\bwfiles.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\program files\logitech\desktop messenger\8876480\program\bwdocmapext-8876480.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\bwdocmapext.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\urlmon.dll

c:\program files\logitech\desktop messenger\8876480\program\bwscriptext-8876480.dll

c:\program files\logitech\desktop messenger\8876480\7.2.0.157-8876480sl\program\bwscriptext.dll

c:\windows\system32\vbscript.dll

c:\windows\system32\sxs.dll

c:\windows\system32\scrrun.dll

c:\windows\system32\wshom.ocx

c:\program files\logitech\desktop messenger\8876480\program\syncext.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msi.dll

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
c:\program files\common files\ahead\lib\nmbgmonitor.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shlwapi.dll

c:\program files\common files\ahead\lib\msvcp71.dll

c:\program files\common files\ahead\lib\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\program files\common files\ahead\lib\advrcntr2.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\winspool.drv

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\faultrep.dll

c:\windows\system32\userenv.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msctfime.ime

c:\program files\common files\ahead\lib\nmindexingserviceps.dll

c:\program files\common files\ahead\lib\nmindexstoresvrps.dll

c:\program files\common files\ahead\lib\nmdataservices.dll

c:\windows\system32\iprop.dll

c:\windows\system32\winhttp.dll

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
c:\program files\spybot - search & destroy\teatimer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\winspool.drv

c:\windows\system32\shell32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\hhctrl.ocx

c:\windows\system32\setupapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\jsproxy.dll

c:\windows\system32\psapi.dll

c:\program files\spybot - search & destroy\advcheck.dll

c:\windows\system32\imagehlp.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
c:\windows\system32\wdfmgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE CONNECT\BIN\VMCSERVICE.EXE
c:\program files\vodafone\vodafone mobile connect\bin\vmcservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\imm32.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\08f80143fa483847bc28ffca256471df\mscorlib.ni.dll

c:\windows\system32\ole32.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system\36215bd7e87c3c4f8c01a60d265f8ec1\system.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.serviceproce#\1b503cb53a00d34cabb0eaef3023b3de\system.serviceprocess.ni.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.windowsservice.#\c5f195268fa5c443aa42f623486cacf6\vmc.windowsservice.core.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.windowsservice.#\ae8a3319c9f0554f963184879641263a\vmc.windowsservice.messaging.ni.dll

c:\windows\system32\uxtheme.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.da#\48d74c09845c854eaff4728a0733b1f6\vmc.baseservices.dataaccessor.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.pl#\c8739e6d72cb1f4c9f2e3b3115eaa54f\vmc.baseservices.platform.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.connectionservi#\2e27b4383fee3f44bf81f833348c6a3a\vmc.connectionservicesinterface.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\interop.dwupdateser#\e4e69f8af360c74abfd0fa6ce57bfe44\interop.dwupdateservicelib.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.xm#\00a7d1ca36b71b439b409f2a52a748bc\vmc.baseservices.xmlserializers.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.ou#\974fa49bde8f924fad7828df8de05316\vmc.baseservices.outlookconnector.ni.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\version.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\7ef01992a6fd4a48ae6905ed4e971948\system.configuration.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\34517e71c1c0894ca7643881bea4681f\system.xml.ni.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6c9b2f0af3933545a4bc03bcb9280f19\system.management.ni.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\netapi32.dll

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
c:\windows\system32\wbem\wmiprvse.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\cimwin32.dll

c:\windows\system32\wbem\framedyn.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\security.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE
c:\program files\common files\ahead\lib\nmindexingservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\common files\ahead\lib\msvcp71.dll

c:\program files\common files\ahead\lib\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\program files\common files\ahead\lib\nmindexingserviceps.dll

c:\program files\common files\ahead\lib\nmlogcxx.dll

c:\program files\common files\ahead\lib\log4cxx.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\userenv.dll

c:\windows\system32\netapi32.dll

c:\program files\common files\ahead\lib\nmdataservices.dll

c:\windows\system32\iprop.dll

c:\windows\system32\winhttp.dll

c:\program files\common files\ahead\lib\nmindexstoresvrps.dll

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE
c:\program files\common files\ahead\lib\nmindexstoresvr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\program files\common files\ahead\lib\nmsqldb.dll

c:\program files\common files\ahead\lib\msvcp71.dll

c:\program files\common files\ahead\lib\msvcr71.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\common files\ahead\lib\nmlogcxx.dll

c:\program files\common files\ahead\lib\log4cxx.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\xpsp2res.dll

c:\program files\common files\ahead\lib\nmindexingserviceps.dll

c:\program files\common files\ahead\lib\nmcofoundation.dll

c:\program files\common files\ahead\lib\nmpluginbase.dll

c:\program files\common files\ahead\lib\nmfulltextextraction.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\query.dll

c:\program files\common files\ahead\lib\nmsearchpluginsimilarimages.dll

c:\program files\common files\ahead\lib\neroipp.dll

c:\program files\common files\ahead\lib\nmdataservices.dll

c:\windows\system32\iprop.dll

c:\windows\system32\winhttp.dll

c:\program files\common files\ahead\lib\nmindexstoresvrps.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE CONNECT\OPTIMIZATION CLIENT\BMCTL.EXE
c:\program files\vodafone\vodafone mobile connect\optimization client\bmctl.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\ole32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\shell32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msctf.dll

c:\windows\system32\uxtheme.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\setupapi.dll

C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE CONNECT\BIN\CONAPPM.EXE
c:\program files\vodafone\vodafone mobile connect\bin\conappm.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\imm32.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\08f80143fa483847bc28ffca256471df\mscorlib.ni.dll

c:\windows\system32\ole32.dll

c:\windows\system32\uxtheme.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctf.dll

c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system\36215bd7e87c3c4f8c01a60d265f8ec1\system.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.connectionservi#\2e27b4383fee3f44bf81f833348c6a3a\vmc.connectionservicesinterface.ni.dll

c:\windows\system32\xpsp2res.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.pl#\c8739e6d72cb1f4c9f2e3b3115eaa54f\vmc.baseservices.platform.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\360ed3967d9b364f874435a6a4c29682\system.drawing.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\147010fd315e774cbd8257c1c9941115\system.windows.forms.ni.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\version.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\7ef01992a6fd4a48ae6905ed4e971948\system.configuration.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\34517e71c1c0894ca7643881bea4681f\system.xml.ni.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.da#\48d74c09845c854eaff4728a0733b1f6\vmc.baseservices.dataaccessor.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\interop.dwupdateser#\e4e69f8af360c74abfd0fa6ce57bfe44\interop.dwupdateservicelib.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.xm#\00a7d1ca36b71b439b409f2a52a748bc\vmc.baseservices.xmlserializers.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.baseservices.ou#\974fa49bde8f924fad7828df8de05316\vmc.baseservices.outlookconnector.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6c9b2f0af3933545a4bc03bcb9280f19\system.management.ni.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\system.serviceproce#\1b503cb53a00d34cabb0eaef3023b3de\system.serviceprocess.ni.dll

c:\windows\assembly\nativeimages_v2.0.50727_32\vmc.ui.commondialogs\874cf66649d1da4b9b37ae0d420ccb01\vmc.ui.commondialogs.ni.dll

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\USNSVC.EXE
c:\program files\windows live\messenger\usnsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\program files\windows live\messenger\usnsvcps.dll

c:\windows\system32\rsaenh.dll

C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
c:\program files\common files\installshield\updateservice\agent.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\uxtheme.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\sxs.dll

c:\program files\common files\installshield\updateservice\_isusres.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\msxml3.dll

C:\WINDOWS\SYSTEM32\RSVP.EXE
c:\windows\system32\rsvp.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\traffic.dll

c:\windows\system32\wmi.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AD-AWARE.EXE
c:\program files\lavasoft\ad-aware\ad-aware.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\program files\lavasoft\ad-aware\lavalicense.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shfolder.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\docume~1\simonl~3.bad\locals~1\temp\iadhide5.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\userenv.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\rsaenh.dll

c:\program files\lavasoft\ad-aware\lavamessage.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\bmnet.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
c:\windows\system32\wuauclt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\esent.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wups2.dll

End of Scan Section
===========================

#3 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 02:38 PM

Spybot Search and Destroy

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


DoubleClick: Tracking cookie (Internet Explorer: Simon Lake) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-10-18 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-10-14 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-07 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-10-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-10-08 Includes\Malware.sbi (*)
2008-10-14 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-10-14 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-09 Includes\Spyware.sbi (*)
2008-10-14 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-10-15 Includes\Trojans.sbi (*)
2008-10-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953838)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Hotfix for Windows XP (KB954708)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, CanonMyPrinter
command: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
file: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
size: 1603152
MD5: 2F0F0E6AA6F5874E13E792996077138B

Located: HK_LM:Run, CanonSolutionMenu
command: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
file: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
size: 644696
MD5: FEDB6110D3E0A7EFE6996F93CD8C48E7

Located: HK_LM:Run, fssui
command: "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
file: C:\Program Files\Windows Live\Family Safety\fssui.exe
size: 243240
MD5: 5EDA316AAE51D46D7BCF70D7BBBC8E41

Located: HK_LM:Run, googletalk
command: C:\Program Files\Google\Google Talk\googletalk.exe /autostart
file: C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 497200
MD5: 03E0CDD5CCF362593EA52B0151750D0A

Located: HK_LM:Run, MobileConnect
command: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
file: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
size: 2060288
MD5: 29680021641BA556DE0CA3FF95A966B0

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:Run, WinampAgent
command: E:\Winamp\winampa.exe
file: E:\Winamp\winampa.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981904
MD5: 36FDDBCCA07A2CD5F127CDF9622D4E56

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 152872
MD5: 86F0D0B3A07C142C81DAB47E8495A822

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, LDM
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 36864
MD5: 94782C50F682CCC02C1FF4360976A5C8

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1214440339-1993962763-1343024091-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA

Located: Startup (common), Logitech Desktop Messenger.lnk
where: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 196608
MD5: 6F2E5108667BF1149D884E3CBEB9CDD1

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Adobe PDF Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/12/2008 6:33:16 AM
Date (last access): 10/21/2008 3:09:14 PM
Date (last write): 6/12/2008 6:33:16 AM
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (Windows Live OneCare Family Safety Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Windows Live OneCare Family Safety Browser Helper
CLSID name: Windows Live OneCare Family Safety Browser Helper Class
Path: C:\Program Files\Windows Live\Family Safety\
Long name: fssbho.dll
Short name:
Date (created): 12/17/2007 11:12:56 AM
Date (last access): 10/21/2008 3:33:38 PM
Date (last write): 12/17/2007 11:12:56 AM
Filesize: 56360
Attributes: archive
MD5: 03C772AF735D1186B5149FAC92E64AE3
CRC32: 03877104
Version: 2.0.6010.0

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 10/18/2008 10:34:44 PM
Date (last access): 10/21/2008 3:48:56 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 9/27/2008 2:27:54 PM
Date (last access): 10/21/2008 3:33:38 PM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 10:30:18 AM
Date (last access): 10/21/2008 3:26:14 PM
Date (last write): 9/20/2007 10:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 10/19/2007 11:20:48 AM
Date (last access): 10/21/2008 3:33:40 PM
Date (last write): 10/19/2007 11:20:48 AM
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (ZoneAlarm Spy Blocker BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Spy Blocker BHO
CLSID name: ZoneAlarm Spy Blocker BHO
Path: C:\Program Files\ZoneAlarmSB\bar\1.bin\
Long name: SPYBLOCK.DLL
Short name:
Date (created): 10/20/2008 8:50:02 PM
Date (last access): 10/21/2008 3:25:10 PM
Date (last write): 10/20/2008 8:50:04 PM
Filesize: 262144
Attributes: archive
MD5: 6C186920871F16149331E5C911BEE931
CRC32: 0F62F9D9
Version: 2.3.0.11



--- ActiveX list ---
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 10/10/2008 1:51:38 PM
Date (last access): 10/21/2008 12:24:18 PM
Date (last write): 7/30/2006 1:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 10/21/2008 11:47:12 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 10/21/2008 3:54:58 PM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 10/21/2008 3:54:58 PM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6



--- Process list ---
PID: 0 ( 0) [System]
PID: 484 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 532 ( 484) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 556 ( 484) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 600 ( 556) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 612 ( 556) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 768 ( 600) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 812 ( 600) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 856 ( 600) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 916 ( 600) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 984 ( 600) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1068 ( 600) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 2405776
MD5: 6E86D03D8A81CF53E17FE57AAD108659
PID: 1304 ( 600) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
size: 611664
MD5: 17067069B9A7865028C1F2E6971D0CCC
PID: 1412 ( 600) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1464 ( 600) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 68865
MD5: 9773E0650E0BAB7AE161D2A0ECC7678A
PID: 1884 ( 600) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 149761
MD5: 6BB24E08C602E1E023FC15E25CD32490
PID: 1908 ( 600) C:\WINDOWS\system32\bmwebcfg.exe
size: 118784
MD5: 0A1D0A6F6D8064597D25FE300EAA356D
PID: 1920 ( 600) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
PID: 1960 ( 600) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
size: 523816
MD5: 04034887E76799D0A4BAAA50344B3DE7
PID: 372 ( 184) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 272 ( 600) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
size: 101528
MD5: 51516252DBBFED36F70B341DBA263167
PID: 992 ( 600) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1212 ( 372) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
size: 2060288
MD5: 29680021641BA556DE0CA3FF95A966B0
PID: 1136 ( 372) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 1272 ( 372) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
PID: 1332 ( 600) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1568 ( 372) C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
PID: 1612 ( 372) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
size: 1603152
MD5: 2F0F0E6AA6F5874E13E792996077138B
PID: 1628 ( 600) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
size: 24576
MD5: B3BFBB9C45BDAF3ECB4D1456F9017F95
PID: 1660 ( 372) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 497200
MD5: 03E0CDD5CCF362593EA52B0151750D0A
PID: 716 ( 372) C:\Program Files\Windows Live\Family Safety\fssui.exe
size: 243240
MD5: 5EDA316AAE51D46D7BCF70D7BBBC8E41
PID: 1692 ( 372) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981904
MD5: 36FDDBCCA07A2CD5F127CDF9622D4E56
PID: 1732 ( 372) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
PID: 1740 ( 372) C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
PID: 1752 ( 372) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1820 ( 372) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 36864
MD5: 94782C50F682CCC02C1FF4360976A5C8
PID: 1840 ( 372) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 152872
MD5: 86F0D0B3A07C142C81DAB47E8495A822
PID: 1864 ( 372) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 2912 ( 600) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
size: 279848
MD5: A328A46D87BB92CE4D8A4528E9D84787
PID: 2964 ( 768) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 3028 ( 600) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3104 ( 768) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
size: 1213736
MD5: FFBD5650348D4F9E0AA8E72938DC6478
PID: 3516 (1212) C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
size: 339968
MD5: A9DF4581459EB4A231F42BC509E31CEA
PID: 3672 (1212) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
size: 208896
MD5: F6A488DBDD87BB648B290A3F1A89921C
PID: 508 ( 600) C:\Program Files\Windows Live\Messenger\usnsvc.exe
size: 98328
MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 2932 ( 768) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
size: 992176
MD5: 1E5B9201721D9B687546A982323C030E
PID: 3276 ( 600) C:\WINDOWS\system32\rsvp.exe
size: 132608
MD5: 471B3F9741D762ABE75E9DEEA4787E47
PID: 4060 ( 372) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/21/2008 3:55:01 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://search.live.com/sphome.aspx
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: BMI over [MSAFD Tcpip [TCP/IP]]
GUID: {F1DB254C-B562-40B9-B71B-4A39F1FD67C2}
Filename: bmnet.dll

Protocol 1: BMI over [MSAFD Tcpip [UDP/IP]]
GUID: {F1DB254C-B562-40B9-B71B-4A39F1FD67C2}
Filename: bmnet.dll

Protocol 2: BMI over [MSAFD Tcpip [RAW/IP]]
GUID: {F1DB254C-B562-40B9-B71B-4A39F1FD67C2}
Filename: bmnet.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 9: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 11: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 12: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 13: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5823889-3A56-4CD9-B923-89AE62CD48DF}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5823889-3A56-4CD9-B923-89AE62CD48DF}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A4BA27C-6259-4F89-BEE5-66F77E8404A5}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A4BA27C-6259-4F89-BEE5-66F77E8404A5}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80AE6D72-6D42-48A9-B00C-698B6052B4FB}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80AE6D72-6D42-48A9-B00C-698B6052B4FB}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFAB4052-C83B-465F-BBCB-B42C10B4A585}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFAB4052-C83B-465F-BBCB-B42C10B4A585}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{232E27C0-109A-48B9-9820-6C0F4750DFEE}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{232E27C0-109A-48B9-9820-6C0F4750DFEE}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP



--- Uninstall list ---
(AddressBook)

Adobe Flash Player 10 ActiveX 10.0.12.10 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player Plugin 9.0.124.0 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Photoshop 7.0 7.0 (Adobe Photoshop 7.0)
version (major): 7
install location: C:\Program Files\Adobe\Photoshop 7.0
install source: C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Temp\Rar$EX35.631\Photoshop\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\system32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.

Avira AntiVir Personal - Free Antivirus (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support

(Branding)

Canon MP210 series User Registration (Canon MP210 series User Registration)
uninstall cmd: C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE

PIXMA Extended Survey Program (CANONIJPLM100)
uninstall cmd: C:\Program Files\Canon\IJPLM\SETUP.EXE -R

Canon My Printer (CanonMyPrinter)
uninstall cmd: C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Solution Menu (CanonSolutionMenu)
uninstall cmd: C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20080930
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20070813.185237 (ie7)
install date: 20080930
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Corel Graphics Suite 11 11 (InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0})
version: 184549376
version (major): 11
estimated size: 264006
install date: 20080929
install location: C:\Program Files\Corel\Corel Graphics 11\
install source: E:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
publisher: Corel Corporation
comments:
contact: Corel Customer Service
help link: http://www.corel.com
help telephone: U.S. 1-800-772-6735 Outside U.S. 1-800-267-35127
readme:

(KB884016)

3.1 (KB893803)
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Security Update for Windows XP (KB923689) (KB923689)
install date: 20081012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923789

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906

Security Update for Windows Internet Explorer 7 (KB938127-v2) 2 (KB938127-v2-IE7)
install date: 20081001
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127-v2

Security Update for Windows XP (KB938464) 1 (KB938464)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938464

Security Update for Windows XP (KB941569) (KB941569)
install date: 20081012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569

Security Update for Windows XP (KB946648) 1 (KB946648)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946648

Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762

Security Update for Windows XP (KB950974) 1 (KB950974)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950974

Security Update for Windows XP (KB951066) 1 (KB951066)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951066

Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951072

Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376

Security Update for Windows XP (KB951698) 1 (KB951698)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951698

Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748

Update for Windows XP (KB951978) 1 (KB951978)
install date: 20080928
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951978

Hotfix for Windows XP (KB952287) 1 (KB952287)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952287

Security Update for Windows XP (KB952954) 1 (KB952954)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952954

Security Update for Windows XP (KB953838) 1 (KB953838)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953838

Security Update for Windows Internet Explorer 7 (KB953838) 1 (KB953838-IE7)
install date: 20081001
uninstall cmd: "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953838

Security Update for Windows XP (KB953839) 1 (KB953839)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953839

Security Update for Windows XP (KB954211) 1 (KB954211)
install date: 20081015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954211

Hotfix for Windows XP (KB954708) 1 (KB954708)
install date: 20080930
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954708

Security Update for Windows Internet Explorer 7 (KB956390) 1 (KB956390-IE7)
install date: 20081015
uninstall cmd: "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956390

Security Update for Windows XP (KB956391) 1 (KB956391)
install date: 20081015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956391

Security Update for Windows XP (KB956803) 1 (KB956803)
install date: 20081015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956803

Security Update for Windows XP (KB956841) 1 (KB956841)
install date: 20081015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956841

Security Update for Windows XP (KB957095) 1 (KB957095)
install date: 20081015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957095

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20081018
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(MobileOptionPack)

Mozilla Firefox (3.0.3) 3.0.3 (en-GB) (Mozilla Firefox (3.0.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20080930
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(QuarkXPress Passport)

(SchedulingAgent)

(WIC)

Windows Live Toolbar 03.01.0146 (Windows Live Toolbar)
uninstall cmd: "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
publisher: Microsoft Corporation

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20080927
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

ZoneAlarm 8.0.020.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

ZoneAlarm Spy Blocker (ZoneAlarmSB Uninstall)
uninstall cmd: rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
publisher: ZoneAlarm
help link: http://www.zonealarm.com/store/content/com...3&c=P100014

Adobe AIR 1.0.8.4990 ({00203668-8170-44A0-BE44-B632FA4D780F})
version: 16777224
version (major): 1
estimated size: 24851
install date: 20080927
install source: C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\nos\Adobe AIR Installer\
uninstall cmd: MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
publisher: Adobe Systems Inc.

Macromedia Dreamweaver MX 2004 7.0.1 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macromedia\Dreamweaver MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/dreamweaver_support/

Corel Graphics Suite 11 11 ({07A540AB-D785-11D5-8E89-0090275862A0})
version: 184549376
version (major): 11
estimated size: 264006
install date: 20080929
install location: C:\Program Files\Corel\Corel Graphics 11\
install source: E:\
publisher: Corel Corporation
comments:
contact: Corel Customer Service
help link: http://www.corel.com
help telephone: U.S. 1-800-772-6735 Outside U.S. 1-800-267-35127
readme:

Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20080929
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation

Canon MP210 series ({1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series)
uninstall cmd: "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009

Windows Live Mail 12.0.1606.1023 ({184E7118-0295-43C4-B72C-1D54AA75AAF7})
version: 201328198
version (major): 12
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
publisher: Microsoft Corporation

Google Talk (remove only) ({226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk)
uninstall cmd: "C:\Program Files\Google\Google Talk\uninstall.exe"

Windows Live Photo Gallery 12.0.1308.1023 ({257E440F-781F-459B-9A68-A0872B80C1D6})
version: 201327900
version (major): 12
estimated size: 22819
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
publisher: Microsoft Corporation
help link: http://photogallery.live.com/

Nero 7 Ultra Edition 7.02.9888 ({26D3E377-1DCA-4043-9410-B4A9BACF1033})
version: 117581472
version (major): 7
version (minor): 2
estimated size: 501983
install date: 20081011
install location: C:\Program Files\Nero\Nero 7\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\NERO13390\
uninstall cmd: MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com retail-support@nero.com chinese-techsupport@nero.com
help link: techsupport@nero.com retail-support@nero.com chinese-techsupport@nero.com
help telephone: xxxxxxxxxxxxxx

Macromedia Flash 8 8.00.0000 ({2BD5C305-1B27-4D41-B690-7A61172D2FEB})
version: 134217728
version (major): 8
estimated size: 252075
install date: 20081001
install location: C:\Program Files\Macromedia\Flash 8\
install source: C:\WINDOWS\Downloaded Installations\Macromedia Flash 8\
uninstall cmd: MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
publisher: Macromedia
comments: Thank you for choosing Macromedia.
contact: Support and Training
help link: http://www.macromedia.com/go/flash_support

Java™ 6 Update 7 1.6.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0160070})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 116478
install date: 20080927
install source: C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Sun\Java\jre1.6.0_07\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_07\README.txt

Windows Live OneCare Family Safety 2.0.6010.0 ({3403CB31-D7C1-43F4-9D2F-579758C0CF09})
version: 33560442
version (major): 2
estimated size: 3894
install date: 20081021
install source: C:\WINDOWS\SoftwareDistribution\Download\4e58aceaf8d80a1c656c505c013bd544\img\
uninstall cmd: MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}
publisher: Microsoft Corporation
help link: http://feedback.live.com/eform.aspx?produc...=wlfamilysafety

Windows Live Toolbar Extension (Windows Live Toolbar) 03.01.0146 ({341201D4-4F61-4ADB-987E-9CCE4D83A58D})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 609
install date: 20081020
install source: C:\WINDOWS\SoftwareDistribution\Download\baefa8ba07408455c66e04aecc4edc13\img\
uninstall cmd: MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
publisher: Microsoft Corporation

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 1864
install date: 20080927
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Adobe Illustrator 10 10 ({412033BC-44CF-48D9-B813-4B835101F4D3})
version (major): 10
install location: C:\Program Files\Adobe\Illustrator 10
install source: "E:\Adobe Illustrator 10"
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
publisher: Adobe Systems, Inc.

Adobe InDesign CS CS ({416DFEDD-9F1B-4EFC-AF70-FCA891AE0251})
version: 50331648
version (major): 3
install location: C:\Program Files\Adobe\InDesign CS
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\Rar$EX09.048\Adobe InDesign CS\
uninstall cmd: RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
publisher: Adobe Systems Incorporated

Windows Live Messenger 8.5.1302.1018 ({508CE775-4BA4-4748-82DF-FE28DA9F03B0})
version: 134546710
version (major): 8
version (minor): 5
estimated size: 31977
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
publisher: Microsoft Corporation

VBA (2627.01) 6.03.00.9188 ({5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6})
version: 100859904
version (major): 6
version (minor): 3
estimated size: 20764
install date: 20080929
install source: E:\VBA6\
publisher: Microsoft Corporation

Macromedia Extension Manager 1.7.240 ({5546CDB5-2CE2-498B-B059-5B3BF81FC41F})
version: 17236208
version (major): 1
version (minor): 7
estimated size: 4997
install date: 20081001
install location: C:\Program Files\Macromedia\Extension Manager\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\
uninstall cmd: MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
publisher: Macromedia, Inc.
comments: Language: En
contact: Customer Support Department
help link: http://www.macromedia.com/go/dreamweaver/support

neroxml 1.0.0 ({56C049BE-79E9-4502-BEA7-9754A3E60F9B})
version: 16777216
version (major): 1
estimated size: 1365
install date: 20081011
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\NERO13390\Redist\
uninstall cmd: MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
publisher: Nero AG
contact: Nero AG

Apple Software Update 2.1.1.116 ({6956856F-B6B3-4BE0-BA0B-8F495BE32033})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 2208
install date: 20081017
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\IXP040.TMP\
uninstall cmd: MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 213084
install date: 20080927
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\IS60.tmp\
publisher: Microsoft Corporation

Map Button (Windows Live Toolbar) 03.01.0146 ({7745B7A9-F323-4BB9-9811-01BF57A028DA})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 543
install date: 20081020
install source: C:\WINDOWS\SoftwareDistribution\Download\48012329ba6513fb48fc8bf6758964e9\img\
uninstall cmd: MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
publisher: Microsoft Corporation

Windows Live Favorites for Windows Live Toolbar 03.01.0146 ({786C4AD1-DCBA-49A6-B0EF-B317A344BD66})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 1879
install date: 20081020
install source: C:\WINDOWS\SoftwareDistribution\Download\d685dc15da0012de1985c275fadd48a9\img\
uninstall cmd: MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
publisher: Microsoft Corporation
contact: Microsoft Corporation

Macromedia Flash Player 8 8.0.22.0 ({885A63EA-382B-4DD4-A755-14809B8557D6})
version: 134217750
version (major): 8
estimated size: 1458
install date: 20081001
install location: C:\WINDOWS\system32\Macromed\Flash\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\
uninstall cmd: MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Bonjour 1.0.105 ({8A25392D-C5D2-4E79-A2BD-C15DDC5B0959})
version: 16777321
version (major): 1
estimated size: 497
install date: 20080929
install location: C:\Program Files\Bonjour\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\IXP206.TMP\
uninstall cmd: MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Macromedia Flash 8 Video Encoder 1.00.0000 ({8BF2C401-02CE-424D-BC26-6C4F9FB446B6})
version: 16777216
version (major): 1
estimated size: 11657
install date: 20081001
install location: C:\Program Files\Macromedia\Flash 8 Video Encoder\
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\
uninstall cmd: MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
publisher: Macromedia
comments: Thank you for choosing Macromedia.
contact: Support and Training
help link: http://www.macromedia.com/go/flash/support

Logitech Desktop Messenger 2.30.04 ({900B1197-53F5-4F46-A882-2CFFFE2EEDCB})
version: 23265379
install location: C:\Program Files\Logitech\Desktop Messenger
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
publisher: Logitech, Inc.
contact: Logitech Customer Support
help link: www.logitech.com/support

Windows Live Writer 12.0.1370.0325 ({9176251A-4CC1-4DDB-B343-B487195EB397})
version: 201327962
version (major): 12
estimated size: 12734
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
publisher: Microsoft Corporation

Macromedia Fireworks MX 6 ({930B2432-43D4-11D5-9871-00C04F8EEB39})
install location: C:\Program Files\Macromedia\Fireworks MX
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/fireworks_support

Microsoft Application Error Reporting 12.0.6012.5000 ({95120000-00B9-0409-0000-0000000FF1CE})
version: 201332604
version (major): 12
estimated size: 8935
install date: 20080930
install source: C:\Program Files\Common Files\Windows Live\.cache\482bede01c92291\
publisher: Microsoft Corporation
help link: http://support.microsoft.com

VC 9.0 Runtime 1.0.0 ({A040AC77-C1AA-4CC9-8931-9F648AF178F6})
version: 16777216
version (major): 1
estimated size: 1418
install date: 20080930
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\09300824609\
uninstall cmd: MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
publisher: Check Point Software Technologies Ltd

Highlight Viewer (Windows Live Toolbar) 03.01.0146 ({A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 1303
install date: 20081020
install source: C:\WINDOWS\SoftwareDistribution\Download\329d4edabc1899429a54358bf5533513\img\
uninstall cmd: MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
publisher: Microsoft Corporation

QuarkXPress Passport 5.00.0000 ({A7BF5297-3E74-11D5-B00F-00104B398D77})
version: 83886080
version (major): 5
estimated size: 108185
install date: 20080929
install source: E:\QuarkXPress 5.0 Beta Win\
uninstall cmd: MsiExec.exe /I{A7BF5297-3E74-11D5-B00F-00104B398D77}
publisher: Quark Inc.
contact: Installer Build 001
help link: http://www.Quark.com
help telephone: 303-894-8888

Windows Live installer 12.0.1471.1025 ({A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320})
version: 201328063
version (major): 12
estimated size: 2204
install date: 20081020
install source: C:\DOCUME~1\SIMONL~3.BAD\LOCALS~1\Temp\{B3C2B571-F2A0-4672-9CDA-7C8916D2AA3C}\
uninstall cmd: MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
publisher: Microsoft Corporation
help link: http://get.live.com

Adobe Reader 9 9.0.0 ({AC76BA86-7AD7-1033-7B44-A90000000001})
version: 150994944
version (major): 9
estimated size: 208818
install date: 20080927
install location: C:\Program Files\Adobe\Reader 9.0\Reader\
install source: C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files\Adobe\Reader 9.0\Readme.htm

Windows Live Sign-in Assistant 4.200.520.1 ({AFA4E5FD-ED70-4D92-99D0-162FD56DC986})
version: 80216584
version (major): 4
version (minor): 200
estimated size: 1333
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
publisher: Microsoft Corporation

Spybot - Search & Destroy 1.6.0 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20081018
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support

({BB8B979E-E336-47E7-96BC-1031C1B94561})

MSXML 4.0 SP2 (KB936181) 4.20.9848.0 ({C04E32E0-0416-434D-AFB9-6969D703A9EF})
version: 68429432
version (major): 4
version (minor): 20
estimated size: 2680
install date: 20080929
install source: c:\bdd2c08aeba30c56013a4a10345f\
uninstall cmd: MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/936181

Windows Live Toolbar 03.01.0146 ({D5A145FC-D00C-4F1A-9119-EB4D9D659750})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 9486
install date: 20081020
install source: C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\
uninstall cmd: MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
publisher: Microsoft Corporation

Ad-Aware 7.1.0.7 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 23149
install date: 20081006
install location: C:\Program Files\Lavasoft\Ad-Aware\
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
publisher: Lavasoft
help link: http://www.lavasoftsupport.com

Choice Guard 1.1.69.0 ({EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB})
version: 16842821
version (major): 1
version (minor): 1
estimated size: 186
install date: 20080930
install source: C:\Program Files\Common Files\Windows Live\.cache\793204d01c92291\
uninstall cmd: MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
publisher: Microsoft Corporation

Smart Menus (Windows Live Toolbar) 03.01.0146 ({F084395C-40FB-4DB3-981C-B51E74E1E83D})
version: 50397330
version (major): 3
version (minor): 1
estimated size: 679
install date: 20081020
install source: C:\WINDOWS\SoftwareDistribution\Download\de396f547dbbd7fc9e3e8dfb5c0d10fe\img\
uninstall cmd: MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
publisher: Microsoft Corporation

Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 ({F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 1783
install date: 20080927
install location: C:\Program Files\Microsoft SQL Server Compact Edition\
install source: C:\WINDOWS\SoftwareDistribution\Download\c7521dc9f7251d48337eb3bfee9e2b2a\img\
uninstall cmd: MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/sql/everywhere

Vodafone Mobile Connect 9.3.0.9237 ({F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF})
version: 151191552
version (major): 9
version (minor): 3
estimated size: 73665
install date: 20080927
install location: C:\Program Files\Vodafone\Vodafone Mobile Connect\
install source: E:\
uninstall cmd: MsiExec.exe /I{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}
publisher: Vodafone



--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aawservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Lavasoft Ad-Aware Service
Description: Ad-Aware service
Object name: LocalSystem
Image path: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Image size: 611664
Image MD5: 17067069B9A7865028C1F2E6971D0CCC
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Depends On services: RpcSS

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: 8FD99680A539792A30E97944FDAECF17
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142592
Image MD5: 8BED39E3C35D6A489438B8141717A557
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: 8C515081584A38AA007909CD02020B3D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal - Free Antivirus Scheduler
Description: Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 68865
Image MD5: 9773E0650E0BAB7AE161D2A0ECC7678A
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal - Free Antivirus Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 149761
Image MD5: 6BB24E08C602E1E023FC15E25CD32490
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Image size: 29896
Image MD5: D33C507942299753868204CC7642FA27
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: B153AFFAC761E7F5FCFA822B9C4E97BC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 96512
Image MD5: 9F3A2F5AA6875C72BF062C712CFA2674
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): ati2mtag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 701440
Image MD5: 8759322FFC1A50569C1E5528EE8026B7
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: 9916C1225104BA14794209CFA8012159
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avgio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgio
Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Image size: 11840
Image MD5: 53D688E5F619EDD01232B649A0C06008
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): avgntflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntflt
Description: Avira AntiVir Personal - Free Antivirus mini-filter used for on-access scan to provide real-time antivirus security.
Image path: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
Image size: 52032
Image MD5: 509BB9F79F7986CB0D4D7A7BEF35C6D5
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: system32\DRIVERS\avipbb.sys
Image size: 75072
Image MD5: C132C2F16A99C0EAD91C600BB81A31F0
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): bmwebcfg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bytemobile Web Configurator
Description: Configures web browsers for optimal performances.
Object name: LocalSystem
Image path: "C:\WINDOWS\system32\bmwebcfg.exe"
Image size: 118784
Image MD5: 0A1D0A6F6D8064597D25FE300EAA356D
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 17024
Image MD5: 0BE5AEF125BE881C4F854C554F2B025C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 62976
Image MD5: 1F4260CC5B42272D71F79E570A27A4FE
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: 34CBE729F38138217F9C80212A2A0C82
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66240
Image MD5: 3C4D595E7F9B747325AEF28B4ADCAAE5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 044452051F3E02E7963599FC8F4F3E25
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: E46050330BD42F33609117F861E32D3C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: D992FE1274BDE0F84AD826ACAE022A41
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager Driver
Image path: system32\DRIVERS\dmio.sys
Image size: 153344
Image MD5: 7C824CF7BBDE77D95C08005717A95F6F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: 8A208DFCF89792A484E76C40E5F50B45
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DNE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): Dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k dot3svc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Ndisuio,eaphost

Service (registry key): dpti2o
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 8F5FCFF8E8848AFAC920905FBD9D33C8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Extensible Authentication Protocol Service
Description: Provides windows clients Extensible Authentication Protocol Service
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k eapsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ERSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108544
Image MD5: 0E776ED5F7CC9F94299E70461B7B8185
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: 92CDD60B6730B9F50F6A1A0C1F8CDC81
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 129792
Image MD5: B2CF4B0786F8212CB92ED2B50C6DB6B0
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): fssfltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FssFltr
Image path: system32\DRIVERS\fssfltr.sys
Image size: 43816
Image MD5: FB7F5239C9F6A1C13052869F5A0F7C80
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): fsssvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live OneCare Family Safety
Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
Image size: 523816
Image MD5: 04034887E76799D0A4BAAA50344B3DE7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: rpcss,fssfltr

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): gameenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Game Port Enumerator
Image path: system32\DRIVERS\gameenum.sys
Image size: 10624
Image MD5: 065639773D8B03F33577F6CDAEA21063
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Gpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: 0A02C63C8B144BD8C86B103DEE7C86A2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Health Key and Certificate Management Service
Description: Manages health certificates and keys (used by NAP)
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 264832
Image MD5: F6AACF5BCE2893E0C1754AFEB672E5C9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): hwdatacard
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Huawei DataCard USB Modem and USB Serial
Image path: system32\DRIVERS\ewusbmdm.sys
Image size: 101120
Image MD5: 2310CA92D37D97C9231ADF1796B47B9D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52480
Image MD5: 4A0B06AA8943C1E332520F7440C0AA30
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): IJPLMSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PIXMA Extended Survey Program
Description: Collects log data from the IJ printer and manages data transmission.
Object name: LocalSystem
Image path: C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
Image size: 101528
Image MD5: 51516252DBBFED36F70B341DBA263167
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Imapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 42112
Image MD5: 083A052659F5310DD8B6A6CB05EDCF8E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150528
Image MD5: 30DEAF54A9755BB8546168CFE8A6B5E1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 36608
Image MD5: 3BB22519A194418D5FEC05D800A19AD0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20864
Image MD5: B87AB476DCF76E72010632B5550955F5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 152832
Image MD5: CC748EA12C6EFFDE940EE98098BF96BB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 75264
Image MD5: 23C74D75E36E7158768DD63D92789A91
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: C93C9FF7B04D772627A3646D89F7BF89
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 37248
Image MD5: 05A299EC56E52649B1CF2FC52D20F2D7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: 463C1EC80CD17420A542B7F36A36F128
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: 692BCF44383D056AED41B045A323D378
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): LVcKap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech AEC Driver
Image path: system32\DRIVERS\LVcKap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVMVDrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Machine Vision Engine Loader
Image path: system32\DRIVERS\LVMVDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LVUSBSta
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech USB Monitor Filter
Image path: system32\drivers\lvusbsta.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Macromedia Licensing Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Macromedia Licensing Service
Description: Provides authentication services for Macromedia applications.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
Image size: 68096
Image MD5: 04D3A71875699098AF856EE5F9F72AC3
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: D18F1F0C101D06A1C1ADF26EED16FCDD
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 35C9E97194C8CFB8430125F8DBC34D04
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 180608
Image MD5: 11D42BB6206F33FBB3BA0288D3EF81BD
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 456576
Image MD5: 68755F0FF16070178B54674FE5B847B0
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: A137F1470499A205ABBB9AAFB3B6F2B1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: 5879D691E842574A20FE63817CB76DF9
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: D1575E71568F4D9E14CA56B7B0453BF1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 325BB26842FC7CCC1FCCE2C457317F3E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: BAD59648BA099DA4A17680B39730CB3D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: AF5F4F3F14A8EA2C26DE30F7A1E17136
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 5504
Image MD5: E53736A9E30C45FA9E7B5EAC55056D1D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ms_mpu401
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft MPU-401 MIDI UART Driver
Image path: system32\drivers\msmpu401.sys
Image size: 2944
Image MD5: CA3E22598F411199ADC2DFEE76CD0AE0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): NABTSFEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NABTS/FEC VBI Codec
Image path: system32\DRIVERS\NABTSFEC.sys
Image size: 85248
Image MD5: 5B50F1B2A2ED47D560577B221DA734DB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Access Protection Agent
Description: Allows windows clients to participate in Network Access Protection
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NBService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NBService
Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
Object name: LocalSystem
Image path: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
Image size: 800040
Image MD5: B498A14133BD09AD0817590ACE4470AD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisIP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft TV/Video Connection
Image path: system32\DRIVERS\NdisIP.sys
Image size: 10880
Image MD5: 7FF1F1FD8609C149AA432F95A8163D97
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 10112
Image MD5: 1AB3D00C991AB086E69DB84B6C0ED78F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 14592
Image MD5: F927A4434C5028758A842943EF1A3849
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91520
Image MD5: EDC1531A49C80614B2CFDA43CA8659AB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34688
Image MD5: 5D81CF9A2F1A3A756B66CF684911CDF0
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 74B2B2F5BEA5E9A3DC021D685551BD3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: B857BA82860D7FF85AE29B095645563B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): NMIndexingService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NMIndexingService
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
Image size: 279848
Image MD5: A328A46D87BB92CE4D8A4528E9D84787
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NWCWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Client Service for NetWare
Description: Provides access to file and print resources on NetWare networks.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkIpx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Description: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Image path: system32\DRIVERS\nwlnkipx.sys
Image size: 88320
Image MD5: 8B8B1BE2DBA4025DA6786C645F77F123
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): NwlnkNb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NWLink NetBIOS
Description: NWLink NetBIOS
Image path: system32\DRIVERS\nwlnknb.sys
Image size: 63232
Image MD5: 56D34A67C05E94E16377C60609741FF8
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): NwlnkSpx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NWLink SPX/SPXII Protocol
Description: NWLink SPX/SPXII Protocol
Image path: system32\DRIVERS\nwlnkspx.sys
Image size: 55936
Image MD5: C0BB7D1615E1ACBDC99757F6CEAF8CF0
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): NWRDR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetWare Rdr
Description: NetWare Rdr
Image path: system32\DRIVERS\nwrdr.sys
Image size: 163584
Image MD5: 36B9B950E3D2E100970A48D8BAD86740
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 5575FAF8F97CE5E713D108C2A58D7C7C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: A219903CCF74233761D92BEF471A07B1
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PID_0928
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech QuickCam Express(PID_0928)
Image path: system32\DRIVERS\LV561AV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108544
Image MD5: 0E776ED5F7CC9F94299E70461B7B8185
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: EFEEC01B1D3CF84F16DDD24D9D9D8F99
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: system32\DRIVERS\processr.sys
Image size: 35840
Image MD5: A32BEBAF723557681BFC6BD93E98BD26
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 09298EC810B07E5D582CB3A3F9255424
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql1080
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 11B4A627BC9614B885C4969BFA5FF8A6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 5BC962F2654137C9909C3D4603587DEE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 175744
Image MD5: 7AD224AD1A1437FE28D89CF22B17780A
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196224
Image MD5: 15CABD0F7C00C47C70124907916AF3F1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 141312
Image MD5: 3C37BF86641BDA977C3BF8A840F3B7FA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57600
Image MD5: F828DD7E1419B6653894A8F97A0094C5
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: AAED593F84AFA419BBAE8572AF87CF6A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: BF2466B3E18E970D8A976FB95FC1CA85
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 86D007E7A654B9A71D1D7D856B104353
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ScsiPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 96384
Image MD5: 76C465F570E90C28942D52CCB2580A10
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 20480
Image MD5: 90A3935D05B494A5A39D37E71F09A677
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15744
Image MD5: 0F29512CCD6BEAD730039FB4BD2C85CE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64512
Image MD5: CCA207A8896D4C6A0C9CE29A4AE411A7
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiS7018
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for AC'97 Sample Driver (WDM)
Image path: system32\drivers\ac97sis.sys
Image size: 297728
Image MD5: D3BA744433F14E5C77107D9D82297801
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: system32\DRIVERS\sisagp.sys
Image size: 40960
Image MD5: 6B33D0EBD30DB32E27D1D78FE946A754
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): SISNIC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SiS PCI Fast Ethernet Adapter Driver
Image path: system32\DRIVERS\sisnic.sys
Image size: 32768
Image MD5: 3FBB6EF8B5A71A2FA11F5F461BB73219
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SLIP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BDA Slip De-Framer
Image path: system32\DRIVERS\SLIP.sys
Image size: 11136
Image MD5: 866D538EBE33709A5C9F5C62B73B7D14
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Sparrow
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6272
Image MD5: AB8B92451ECB048A4D1DE7C3FFCB4A9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Filter Driver
Image path: \SystemRoot\system32\DRIVERS\sr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): srescan
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\ZoneLabs\srescan.sys
Image size: 51648
Image MD5: 44F8645BCFFBD1FBDA6C3766F6EC61E2
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0

Service (registry key): srservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 333824
Image MD5: 4F8A43ADEF66F135564085A9DCA96A26
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): ssmdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ssmdrv
Description: Avira Snapshot Driver
Image path: system32\DRIVERS\ssmdrv.sys
Image size: 28352
Image MD5: 3D2829FDE1C52FC64DA5413889CE4DEE
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): streamip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BDA IPSink
Image path: system32\DRIVERS\StreamIP.sys
Image size: 15232
Image MD5: 77813007BA6265C4B6098187E6ED79D2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 3941D127AEF12E93ADDF6FE6EE027E0F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 56576
Image MD5: 8CE882BCC6CF8A62F2B2323D95CB3D01
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{AFB79A49-CB3C-4FD6-957B-688064A59861}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): swwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): symc810
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 8B83F3ED0F1688B4958F77CD6D2BF290
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: C7ABBC59B43274B1109DF6B24D617051
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 361600
Image MD5: 9AEFA14BD6B182D61E3119FA5F436D3D
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): Tcpip6
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tcpipBM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bytemobile Kernel Network Provider
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDSSserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: 88155247177638048422893737429D9E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\tlntsvr.exe
Image size: 73216
Image MD5: DB7205804759FF62C34E3EFD8A4CC76A
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

Service (registry key): TosIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): UMWdf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\system32\wdfmgr.exe
Image size: 38912
Image MD5: C81B8635DEE0D3EF5F64B3DD643023A5
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Update
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 384768
Image MD5: 402DDC88356B1BAC0EE3DD1580C76A31
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 05365FB38FCA1E98F7A566AAAF5D1815
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 32128
Image MD5: 173F317CE0DB8E21322E71B7E60A27E8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 59520
Image MD5: 1AB3CDDE553B6E064D2E754EFE20285C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 17152
Image MD5: 0DAECCE65366EA32B162F85F07C6753B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A717C8721046828520C9EDF31288FC00
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 15104
Image MD5: A0B8CF9DEB1184FBDD20784A58FA75D4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26368
Image MD5: A32426D9B14A089EAA1D922E0C5801A9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usnjsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Messenger Sharing Folders USN Journal Reader service
Description: Service installed by Messenger to enable sharing scenarios
Object name: LocalSystem
Image path: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
Image size: 98328
Image MD5: 9D19B042A4FD5C02195071EA2FE0C821
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss,eventlog

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): VMCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Vodafone Mobile Connect Service
Description: Detects mobile devices and manages applications that might otherwise conflict with Vodafone Mobile Connect (VMC). If this service is stopped, the VMC software will not work properly, as it will not be able to identify devices or manage conflicting applications.
Object name: LocalSystem
Image path: "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe"
Image size: 24576
Image MD5: B3BFBB9C45BDAF3ECB4D1456F9017F95
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): VolSnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): vsdatant
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: vsdatant
Image path: System32\vsdatant.sys
Image size: 353680
Image MD5: 129744A30F0CF34D2F97629A9F3145E9
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: TCPIP

Service (registry key): vsmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TrueVector Internet Monitor
Description: Monitors internet traffic and generates alerts for disallowed access.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Image size: 2405776
Image MD5: 6E86D03D8A81CF53E17FE57AAD108659
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: Afd,RpcSs,CryptSvc,vsdatant

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 7A9DB3A67C333BF0BD42E42B8596854B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: E20B95BAEDB550F32DD489265C1DA1F6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 83072
Image MD5: 6768ACF64B18196494413695F0C3A00F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WLSetupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Setup Service
Description: Windows Live Setup Service
Object name: LocalSystem
Image path: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
Image size: 266240
Image MD5: 94A85E956A065E23E0010A6A7826243B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WmdmPmSN
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: E0673F1106E62A68D2257E376079F821
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WS2IFSL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): WSTCODEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: World Standard Teletext Codec
Image path: system32\DRIVERS\WSTCODEC.SYS
Image size: 19200
Image MD5: C98B39829C2BBD34E454150633C62C78
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {8A4BA27C-6259-4F89-BEE5-66F77E8404A5}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {E5823889-3A56-4CD9-B923-89AE62CD48DF}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

#4 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 02:39 PM

Malwarebytes

Malwarebytes' Anti-Malware 1.29
Database version: 1301
Windows 5.1.2600 Service Pack 3

10/21/2008 6:31:37 PM
mbam-log-2008-10-21 (18-31-37).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 119477
Time elapsed: 2 hour(s), 18 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 02:43 PM

And finally....Avira...phew!

Malwarebytes' Anti-Malware 1.29
Database version: 1301
Windows 5.1.2600 Service Pack 3

10/21/2008 6:31:37 PM
mbam-log-2008-10-21 (18-31-37).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 119477
Time elapsed: 2 hour(s), 18 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 22 October 2008 - 04:10 PM

Hello stjohn.
(Topic continued from here: http://www.bleepingcomputer.com/forums/ind...amp;pid=967326)

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check both the Scan All Users and Use Whitelist checkboxes. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized. A new Extra.txt will not be created if one exists already.
Copy and Paste the logs into your next reply.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



With Regards,
The Panda

#7 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 22 October 2008 - 10:33 PM

Hello Panda,
Here is the OTViewIt log:
OTViewIt logfile created on: 10/22/2008 10:48:32 PM - Run 4
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 139.66 Mb Available Physical Memory | 27.30% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.30% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.89 Gb Total Space | 4.52 Gb Free Space | 25.25% Space Free | Partition Type: NTFS
Drive D: | 26.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BADCARDZ-7E7BD3
Current User Name: Simon Lake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/21 20:41:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/10/06 22:53:27 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/04/03 12:49:44 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/17 11:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
[2007/04/13 07:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/03/13 19:08:58 | 00,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
[2008/03/13 19:09:10 | 02,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/12 10:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2007/01/01 22:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
[2007/04/03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2006/06/26 17:46:04 | 00,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[2007/12/17 11:12:58 | 00,243,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fssui.exe
[2008/08/21 20:41:32 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/10/05 22:38:19 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/04/14 05:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2007/04/03 12:49:16 | 00,339,968 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
[2008/03/13 19:08:50 | 00,208,896 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
[2008/10/22 22:29:09 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/06 22:53:27 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/04/03 12:49:44 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe -- (bmwebcfg [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/17 11:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
[2007/04/13 07:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC [Auto | Running])
[2008/09/28 21:50:34 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/03/13 19:08:58 | 00,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService [Auto | Running])
[2008/08/21 20:41:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 23:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2007/10/17 13:53:16 | 00,043,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr.sys -- (fssfltr [Auto | Running])
[2008/04/14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/03/07 21:46:38 | 00,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
[2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008/04/14 00:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/09/01 09:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/09/01 09:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2008/04/14 00:04:14 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR [On_Demand | Running])
[2004/09/01 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/16 01:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 13:20:16 | 00,297,728 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018 [On_Demand | Running])
[2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2004/08/03 23:31:36 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Running])
[2008/04/21 07:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2007/04/03 12:46:08 | 00,018,816 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM [System | Running])
[2008/08/21 20:41:40 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/09/01 09:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://search.live.com/sphome.aspx

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default"=
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (HKLM) -- C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun (Microsoft Corporation)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" (Logitech Inc.)
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent (Vodafone)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"=E:\Winamp\winampa.exe File not found
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2003/09/17 23:11:36 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2008/10/05 22:38:17 | 00,196,608 | ---- | M] (Logitech) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
internet: about in Internet
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1214440339-1993962763-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
internet: about in Internet
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{8A4BA27C-6259-4F89-BEE5-66F77E8404A5} (Servers: | Description: SiS 900 PCI Fast Ethernet Adapter)
{E5823889-3A56-4CD9-B923-89AE62CD48DF} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=nielvp.dll
>File not found --

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,nwprovau,
>[2008/04/14 05:42:04 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwprovau.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/09/16 05:28:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=StartVMCLite.exe | icon=icon.ico | label=VMCLite V3.2.2.182 | action=Run VMCLite | ]
[2007/11/07 22:01:06 | 00,000,095 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15bbfc80-8c3a-11dd-84b0-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15bbfc80-8c3a-11dd-84b0-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15bbfc80-8c3a-11dd-84b0-0007951134ba}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007/11/07 22:09:18 | 16,792,054 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8b3277-8d6d-11dd-84c7-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8b3277-8d6d-11dd-84c7-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8b3277-8d6d-11dd-84c7-0007951134ba}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007/11/07 22:09:18 | 16,792,054 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7667b310-8c46-11dd-84b5-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7667b310-8c46-11dd-84b5-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7667b310-8c46-11dd-84b5-0007951134ba}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007/11/07 22:09:18 | 16,792,054 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a601ec52-972f-11dd-8544-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a601ec52-972f-11dd-8544-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a601ec52-972f-11dd-8544-0007951134ba}\Shell\AutoRun\command]
""=D:\StartVMCLite.exe -- [2007/11/07 22:04:28 | 00,204,800 | R--- | M] (Vodafone)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8d61b00-8c37-11dd-84ae-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8d61b00-8c37-11dd-84ae-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8d61b00-8c37-11dd-84ae-0007951134ba}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007/11/07 22:09:18 | 16,792,054 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6892c21-83a7-11dd-9078-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6892c21-83a7-11dd-9078-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6892c21-83a7-11dd-9078-806d6172696f}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007/11/07 22:09:18 | 16,792,054 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6e6270-9b9d-11dd-8558-0007951134ba}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6e6270-9b9d-11dd-8558-0007951134ba}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6e6270-9b9d-11dd-8558-0007951134ba}\Shell\AutoRun\command]
""=D:\StartVMCLite.exe -- [2007/11/07 22:04:28 | 00,204,800 | R--- | M] (Vodafone)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/10/22 22:29:05 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\OTViewIt.exe
[2008/10/22 19:32:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\HijackThis.lnk
[2008/10/22 19:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/22 15:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\DivX
[2008/10/21 22:18:04 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk
[2008/10/21 22:17:45 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Converter.lnk
[2008/10/21 22:16:48 | 00,001,500 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\DivX Movies.lnk
[2008/10/21 22:16:48 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/10/21 22:13:35 | 20,698,272 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\DivXInstaller.exe
[2008/10/21 19:26:28 | 25,119,2600 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\3149.flv
[2008/10/21 16:05:52 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/20 20:58:11 | 00,000,268 | -H-- | C] () -- C:\sqmdata19.sqm
[2008/10/20 20:58:11 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2008/10/20 20:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2008/10/20 20:47:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/10/20 20:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/20 20:47:35 | 00,348,371 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/20 20:29:20 | 00,000,244 | -H-- | C] () -- C:\sqmdata18.sqm
[2008/10/20 20:29:19 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2008/10/20 20:20:05 | 00,000,280 | -H-- | C] () -- C:\sqmdata17.sqm
[2008/10/20 20:20:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2008/10/20 20:12:00 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2008/10/20 20:12:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008/10/20 20:10:28 | 00,001,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows Live Mail.lnk
[2008/10/20 20:06:53 | 00,043,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr.sys
[2008/10/20 20:06:17 | 00,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/20 20:05:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Favorites
[2008/10/20 10:37:06 | 00,000,280 | -H-- | C] () -- C:\sqmdata15.sqm
[2008/10/20 10:37:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008/10/19 22:48:47 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2008/10/19 22:48:47 | 00,000,244 | -H-- | C] () -- C:\sqmdata14.sqm
[2008/10/19 22:38:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2008/10/19 22:38:44 | 00,000,244 | -H-- | C] () -- C:\sqmdata13.sqm
[2008/10/19 22:32:50 | 00,000,280 | -H-- | C] () -- C:\sqmdata12.sqm
[2008/10/19 22:32:49 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2008/10/18 23:34:15 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2008/10/18 23:34:15 | 00,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2008/10/18 22:35:26 | 00,000,963 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Spybot - Search & Destroy.lnk
[2008/10/18 22:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/18 22:10:15 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/18 22:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/18 19:37:41 | 00,000,292 | -H-- | C] () -- C:\sqmdata10.sqm
[2008/10/18 19:37:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2008/10/17 22:36:55 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/17 16:24:41 | 00,000,280 | -H-- | C] () -- C:\sqmdata09.sqm
[2008/10/17 16:24:41 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2008/10/17 16:13:10 | 00,000,280 | -H-- | C] () -- C:\sqmdata08.sqm
[2008/10/17 16:13:10 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2008/10/16 22:02:03 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2008/10/16 22:02:02 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2008/10/16 17:09:15 | 00,000,280 | -H-- | C] () -- C:\sqmdata06.sqm
[2008/10/16 17:09:14 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2008/10/15 23:43:38 | 00,000,280 | -H-- | C] () -- C:\sqmdata05.sqm
[2008/10/15 23:43:38 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2008/10/15 18:27:58 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 18:27:08 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 18:27:01 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 18:26:59 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 18:26:54 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 18:26:51 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 08:46:19 | 00,000,280 | -H-- | C] () -- C:\sqmdata04.sqm
[2008/10/15 08:46:19 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2008/10/15 02:31:28 | 00,000,292 | -H-- | C] () -- C:\sqmdata03.sqm
[2008/10/15 02:31:28 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2008/10/14 12:02:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Stuff
[2008/10/13 19:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\Corel User Files
[2008/10/13 18:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Corel
[2008/10/12 17:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Downloaded Installations
[2008/10/11 22:47:19 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2008/10/11 22:47:19 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2008/10/11 19:29:55 | 00,000,292 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/10/11 19:29:55 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/10/11 14:43:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 14:35:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Ahead
[2008/10/11 14:29:41 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk
[2008/10/11 14:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Ahead
[2008/10/11 14:25:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
[2008/10/11 14:16:12 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/10/11 14:16:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2008/10/11 14:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
[2008/10/11 14:09:32 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/10/11 14:09:27 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/10/10 20:51:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Winamp
[2008/10/10 16:49:05 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 13:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/10/06 22:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/05 22:38:37 | 00,001,885 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2008/10/05 22:38:13 | 00,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2008/10/05 20:45:00 | 00,000,106 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Windows Live Hotmail.URL
[2008/10/04 12:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\PCHealth
[2008/10/02 23:16:53 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Start Avira AntiVir Personal.lnk
[2008/10/02 22:35:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2008/10/02 21:04:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Malwarebytes
[2008/10/02 21:03:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/02 21:03:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/02 21:03:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/02 21:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2008/10/02 21:03:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/02 15:05:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/10/02 14:11:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/01 23:01:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Music
[2008/10/01 17:49:02 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/01 11:24:23 | 00,923,712 | -HS- | C] () -- C:\WINDOWS\System32\myvaqeox.ini
[2008/10/01 11:19:13 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\qsnsgltt.dll
[2008/10/01 10:35:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
[2008/10/01 10:31:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/10/01 07:16:46 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Windows Messenger.lnk
[2008/10/01 06:11:06 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/10/01 06:11:06 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/10/01 06:11:01 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/10/01 06:10:58 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/10/01 06:10:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/10/01 06:10:57 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/10/01 06:10:55 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/10/01 06:10:53 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/10/01 06:10:48 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 17:53:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Canon
[2008/09/30 17:22:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Tutorials
[2008/09/30 16:33:15 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\CCleaner.lnk
[2008/09/30 14:21:31 | 16,721,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/30 14:20:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/09/30 13:47:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\Downloads
[2008/09/30 02:48:18 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/30 02:46:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/09/30 01:54:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/09/30 01:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2008/09/30 01:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2008/09/30 00:30:36 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/09/29 23:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Apple Computer
[2008/09/29 23:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/29 23:36:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/09/29 23:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Scansoft
[2008/09/29 22:41:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\LimeWire
[2008/09/29 21:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\uTorrent
[2008/09/29 20:54:48 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuarkXPress Passport 5.0.lnk
[2008/09/29 20:54:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
[2008/09/29 20:54:03 | 00,000,000 | ---D | C] -- C:\Program Files\Quark
[2008/09/29 20:49:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Adobe
[2008/09/29 20:47:14 | 00,000,539 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe InDesign CS.lnk
[2008/09/29 20:28:38 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe Photoshop 7.0.lnk
[2008/09/29 20:28:22 | 00,002,487 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\CorelDRAW 11.lnk
[2008/09/29 20:28:08 | 00,002,140 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe Illustrator 10.lnk
[2008/09/29 20:17:28 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/09/29 20:12:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/09/29 19:44:37 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2008/09/29 18:19:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Videos
[2008/09/29 18:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
[2008/09/29 14:32:23 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2008/09/29 14:32:23 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2008/09/29 14:32:12 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2008/09/29 14:32:12 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2008/09/29 14:32:09 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2008/09/29 14:32:09 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2008/09/29 14:32:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2008/09/29 14:32:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2008/09/29 14:32:04 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2008/09/29 14:32:04 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2008/09/29 14:31:56 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2008/09/29 14:31:56 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2008/09/29 14:31:49 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2008/09/29 14:31:49 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2008/09/29 14:31:44 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2008/09/29 14:31:44 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/09/29 14:31:06 | 00,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2008/09/29 14:31:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2008/09/29 14:31:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2008/09/29 14:31:01 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2008/09/29 14:31:01 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2008/09/29 14:31:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2008/09/29 14:31:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2008/09/29 14:30:53 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2008/09/29 14:30:53 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2008/09/28 22:23:51 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Stationery
[2008/09/28 21:51:15 | 00,001,825 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Macromedia Dreamweaver MX 2004.lnk
[2008/09/28 21:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2008/09/28 21:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2008/09/28 21:46:49 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2008/09/28 20:44:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Apple
[2008/09/28 20:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Apple Computer
[2008/09/28 18:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\NewTek
[2008/09/28 17:07:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
[2008/09/28 17:03:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/09/28 17:03:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/09/28 17:03:23 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/09/28 17:03:23 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/09/28 16:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2008/09/28 16:50:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2008/09/28 16:31:50 | 00,000,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2008/09/28 14:10:24 | 00,210,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/09/28 14:10:24 | 00,029,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/09/28 14:10:23 | 00,270,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/09/27 18:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Windows Live Writer
[2008/09/27 18:41:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Identities
[2008/09/27 18:37:23 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Sharing Folders.lnk
[2008/09/27 18:29:26 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/09/27 18:29:18 | 00,000,304 | -H-- | C] () -- C:\sqmdata00.sqm
[2008/09/27 18:29:18 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2008/09/27 18:25:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Received Files
[2008/09/27 18:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
[2008/09/27 18:12:29 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/27 18:10:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/27 17:58:07 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/27 17:58:07 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/27 17:58:07 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/27 17:58:06 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/27 17:58:00 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/09/27 17:58:00 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/09/27 17:58:00 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/09/27 17:58:00 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/09/27 17:57:59 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/09/27 17:57:59 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/09/27 17:57:59 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/09/27 17:57:58 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/09/27 17:57:58 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/09/27 17:57:58 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/09/27 17:57:58 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/09/27 17:57:57 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/09/27 17:57:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/09/27 17:57:57 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/09/27 17:57:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/09/27 17:57:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/09/27 17:57:57 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/09/27 17:57:55 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/09/27 17:57:55 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/09/27 17:57:54 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/09/27 17:57:54 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/09/27 17:57:54 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/09/27 17:57:54 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/09/27 17:57:54 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/09/27 17:57:54 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/09/27 17:57:54 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/09/27 17:57:54 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/09/27 17:57:54 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/09/27 17:57:53 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/09/27 17:57:53 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/09/27 17:57:53 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/09/27 17:57:53 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/09/27 17:57:53 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/09/27 17:57:53 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/09/27 17:57:53 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/09/27 17:57:53 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/09/27 17:57:53 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/09/27 17:57:53 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/09/27 17:57:53 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/09/27 17:57:52 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/09/27 17:57:52 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/09/27 17:57:52 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/09/27 17:57:52 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/09/27 17:57:52 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/09/27 17:57:51 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/09/27 17:57:51 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/09/27 17:57:51 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/09/27 17:57:51 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/09/27 17:57:51 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/09/27 17:57:50 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/09/27 17:57:50 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/09/27 17:57:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/09/27 17:57:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/09/27 17:57:50 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/09/27 17:57:50 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/09/27 17:57:50 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/09/27 17:57:50 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/09/27 17:57:50 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/09/27 17:57:50 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/09/27 17:57:50 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/09/27 17:57:50 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/09/27 17:57:50 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/09/27 17:57:50 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/09/27 17:57:50 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/09/27 17:57:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/09/27 17:57:48 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/09/27 17:57:47 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/09/27 17:57:47 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/09/27 17:57:47 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/09/27 17:57:46 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/09/27 17:57:45 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/09/27 17:57:45 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/09/27 17:57:44 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/09/27 17:57:44 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/09/27 17:57:44 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/09/27 17:57:44 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/09/27 17:57:43 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/09/27 17:57:43 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/09/27 17:57:43 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/09/27 17:57:43 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/09/27 17:57:43 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/09/27 17:57:43 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/09/27 17:57:42 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/09/27 17:57:22 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/09/27 17:56:57 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/09/27 17:56:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/09/27 17:56:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/09/27 17:56:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/09/27 17:56:47 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/27 17:56:43 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/27 17:56:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/27 17:56:41 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/27 17:56:41 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/27 17:56:41 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/27 17:56:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/27 17:56:40 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/27 17:56:40 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/27 17:56:40 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/27 17:56:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/27 17:56:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/27 17:56:40 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/27 17:56:40 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/27 17:56:39 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/27 17:56:39 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/27 17:56:39 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/27 17:56:39 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/27 17:56:39 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/27 17:56:38 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/27 17:56:38 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/27 17:56:38 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/27 17:56:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2008/09/27 17:56:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/27 17:56:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/27 17:56:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/27 17:56:33 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/27 17:56:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/27 17:56:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/27 17:56:32 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/27 17:56:31 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/27 17:56:31 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/27 17:56:31 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/27 17:56:30 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/27 17:56:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/27 17:56:29 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/27 17:56:29 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/27 17:56:29 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/27 17:56:28 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/27 17:56:27 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/27 17:56:27 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/27 17:56:26 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/27 17:56:26 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/27 17:56:26 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/27 17:56:26 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/27 17:56:26 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/27 17:56:25 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/27 17:56:24 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/27 17:56:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/27 17:56:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/27 17:56:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/09/27 17:56:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2008/09/27 17:56:23 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/27 17:56:23 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/27 17:56:22 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/27 17:56:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/27 17:56:20 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/09/27 17:45:11 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/09/27 17:40:23 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/27 17:40:22 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/27 17:40:22 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/27 17:40:21 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/27 17:40:21 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/27 17:40:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/27 17:40:20 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/27 17:40:17 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/27 17:40:15 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/27 17:40:15 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/27 17:40:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/27 17:40:13 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/27 17:40:12 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/27 17:40:12 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/27 17:40:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/27 17:40:11 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/27 17:28:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/27 16:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Macromedia
[2008/09/27 16:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Adobe
[2008/09/27 16:16:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2008/09/27 15:11:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/27 15:10:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Mozilla
[2008/09/27 15:10:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Mozilla
[2008/09/27 15:02:54 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 15:02:42 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 14:41:04 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/09/27 14:35:55 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/09/27 14:35:55 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/09/27 14:35:54 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/09/27 14:35:50 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/09/27 14:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2008/09/27 14:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Sun
[2008/09/27 08:43:25 | 00,000,024 | ---- | C] () -- C:\url_history.xml
[2008/09/27 06:04:40 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/09/27 06:04:39 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/09/27 06:04:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/09/27 06:04:38 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/09/27 06:04:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/09/27 06:04:36 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/09/27 06:04:34 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/09/27 06:04:34 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/09/27 06:04:31 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/09/27 06:04:29 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/09/27 06:04:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/09/27 06:04:28 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/09/27 06:04:28 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/09/27 06:04:27 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/09/27 06:04:26 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/09/27 06:04:20 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/09/27 06:04:20 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/09/27 06:04:18 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/09/27 06:04:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/09/27 06:04:14 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/09/27 06:04:14 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/09/27 06:04:13 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/09/27 06:04:13 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/09/27 06:04:11 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/09/27 06:04:11 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/09/27 06:04:10 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/09/27 06:04:05 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/09/27 06:04:02 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/09/27 06:03:58 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/09/27 06:03:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/09/27 06:03:56 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/09/27 06:03:53 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/09/27 06:03:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/09/27 06:03:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/09/27 06:03:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/09/27 06:03:51 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/09/27 06:03:50 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/09/27 06:03:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/09/27 06:03:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/09/27 06:03:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/09/27 06:03:49 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/09/27 06:03:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/09/27 06:03:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/09/27 06:03:48 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/09/27 06:03:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/09/27 06:03:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/09/27 06:03:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/09/27 06:03:47 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/09/27 06:03:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/09/27 06:03:39 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/09/27 06:03:37 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/09/27 06:03:34 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/09/27 06:03:34 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/09/27 06:03:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/09/27 06:03:28 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/09/27 06:03:28 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/09/27 06:03:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/09/27 06:03:23 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/09/27 06:03:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/09/27 06:03:18 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/09/27 06:03:17 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/09/27 06:03:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/09/27 06:03:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/09/27 06:03:16 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/09/27 06:03:16 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/09/27 06:03:15 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/09/27 06:03:15 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/09/27 06:03:14 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/09/27 06:03:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/09/27 06:03:12 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/09/27 06:03:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/09/27 06:03:11 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/09/27 06:03:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/09/27 06:03:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/09/27 06:03:04 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/09/27 06:03:00 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/09/27 06:02:55 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/09/27 06:02:45 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/09/27 06:02:44 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/09/27 06:02:27 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/09/27 06:02:27 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/09/27 06:02:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/09/27 06:02:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/09/27 06:02:21 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/09/27 06:02:17 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/09/27 06:02:17 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/09/27 06:02:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/09/27 06:02:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/09/27 06:02:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/09/27 06:02:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/09/27 06:02:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/09/27 06:02:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/09/27 06:02:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/09/27 06:02:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/09/27 06:02:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/09/27 06:02:12 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/09/27 06:02:12 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/09/27 06:02:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/09/27 06:02:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/09/27 06:02:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/09/27 06:02:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/09/27 06:02:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/09/27 06:02:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/09/27 06:02:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/09/27 06:02:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/09/27 06:02:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/09/27 06:02:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/09/27 06:02:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/09/27 06:02:07 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/09/27 06:02:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/09/27 06:02:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/09/27 06:02:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/09/27 06:02:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/09/27 06:02:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/09/27 06:02:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/09/27 06:02:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/09/27 06:02:03 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/09/27 06:02:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/09/27 06:02:02 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/09/27 06:02:01 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/09/27 06:01:58 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/09/27 06:01:56 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/09/27 06:01:55 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/09/27 06:01:55 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/09/27 06:01:55 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/09/27 06:01:54 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/09/27 06:01:54 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/09/27 06:01:54 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/09/27 06:01:53 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/09/27 06:01:53 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/09/27 06:01:53 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/09/27 06:01:52 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/09/27 06:01:52 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/09/27 06:01:52 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/09/27 06:01:51 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/09/27 06:01:51 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/09/27 06:01:51 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/09/27 06:01:50 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/09/27 06:01:50 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/09/27 06:01:49 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/09/27 06:01:49 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/09/27 06:01:49 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/09/27 06:01:48 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/09/27 06:01:48 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/09/27 06:01:48 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/09/27 06:01:47 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/09/27 06:01:47 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/09/27 06:01:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/09/27 06:01:46 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/09/27 06:01:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/09/27 06:01:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/09/27 06:01:36 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/09/27 06:01:30 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/09/27 06:01:22 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/09/27 06:01:18 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/09/27 06:01:17 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/09/27 06:01:11 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/09/27 06:01:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/09/27 06:01:08 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/09/27 06:01:07 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/09/27 06:01:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2008/09/27 06:01:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/09/27 06:01:03 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/09/27 06:01:01 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/09/27 06:00:58 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/09/27 06:00:57 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/09/27 06:00:57 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/09/27 06:00:57 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/09/27 06:00:41 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/09/27 06:00:37 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/09/27 06:00:36 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/09/27 06:00:36 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/09/27 06:00:35 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/09/27 06:00:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/09/27 06:00:30 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/09/27 06:00:29 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/09/27 06:00:29 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/09/27 06:00:28 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/09/27 06:00:28 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/09/27 06:00:27 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/09/27 06:00:27 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/09/27 06:00:26 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/09/27 06:00:25 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/09/27 06:00:25 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/09/27 06:00:25 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/09/27 06:00:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/09/27 06:00:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/09/27 06:00:22 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/09/27 06:00:21 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/09/27 06:00:20 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/09/27 06:00:00 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/09/27 05:59:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/09/27 05:59:53 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/09/27 05:59:53 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/09/27 05:59:51 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/09/27 05:59:45 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/09/27 05:59:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/09/27 05:59:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/09/27 05:59:36 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/09/27 05:59:20 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/09/27 05:59:19 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/09/27 05:59:18 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/09/27 05:59:17 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/09/27 05:59:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/09/27 05:59:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/09/27 05:59:05 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/09/27 05:52:14 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/09/27 05:52:08 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/09/27 05:52:00 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/09/27 05:51:52 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/09/27 05:51:48 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/09/27 05:43:05 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/09/27 05:43:05 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/09/27 05:43:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/09/27 05:43:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/09/27 05:42:47 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/09/27 05:42:47 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/09/27 05:42:46 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/09/27 05:42:46 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/09/27 05:42:46 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/09/27 05:42:45 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/09/27 04:46:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/09/27 04:04:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2008/09/27 04:03:54 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2008/09/27 03:08:09 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/09/27 03:06:42 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/09/27 03:06:00 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys
[2008/09/27 03:05:36 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\ac97sis.sys
[2008/09/27 03:05:33 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/09/27 03:05:33 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/09/27 03:05:33 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/09/27 03:05:33 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/09/27 03:05:19 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2008/09/27 03:02:02 | 00,458,340 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/27 03:02:00 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/27 03:01:28 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/09/27 03:01:28 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/09/27 03:01:27 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/09/27 03:01:27 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/09/27 03:01:27 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/09/27 03:01:26 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/09/27 03:01:25 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/09/27 03:01:24 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/09/27 03:01:23 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/09/27 03:01:23 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/09/27 03:01:23 | 00,001,789 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/09/27 03:01:20 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/09/27 03:01:04 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 03:01:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini
[2008/09/27 03:01:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2008/09/27 03:01:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2008/09/27 03:00:32 | 00,225,296 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2008/09/27 03:00:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2008/09/27 02:59:51 | 00,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/27 02:58:50 | 00,015,437 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/09/27 02:57:20 | 00,101,120 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2008/09/27 02:52:52 | 00,023,488 | ---- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/27 02:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Vodafone
[2008/09/27 02:50:44 | 04,839,820 | -H-- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\IconCache.db
[2008/09/27 02:50:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
[2008/09/27 02:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vodafone
[2008/09/27 02:47:31 | 00,008,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/09/27 02:37:49 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/27 02:33:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Identities
[2008/09/27 02:33:24 | 00,000,081 | -HS- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\desktop.ini
[2008/09/27 02:33:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Pictures
[2008/09/27 02:33:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Music
[2008/09/27 02:33:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\desktop.ini
[2008/09/27 02:33:18 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 02:33:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\Microsoft
[2008/09/27 02:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\Microsoft
[2008/09/27 02:31:09 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/27 02:30:54 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/09/27 02:29:33 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 02:22:11 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/27 02:22:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/09/27 02:21:57 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/27 02:21:57 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/27 02:21:54 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/27 02:21:32 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/09/27 02:18:25 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/09/27 02:17:31 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2008/09/27 02:17:31 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2008/09/27 02:17:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2008/09/27 02:17:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2008/09/27 02:17:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/09/27 02:17:31 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2008/09/27 02:17:23 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/09/27 02:17:23 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/09/27 02:17:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/09/27 02:17:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/09/27 02:17:15 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2008/09/27 02:17:14 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/09/27 02:17:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/09/27 02:17:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2008/09/27 02:17:14 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2008/09/27 02:17:13 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2008/09/27 02:17:13 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/09/27 02:17:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/09/27 02:17:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/09/27 02:17:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2008/09/27 02:17:11 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/09/27 02:17:01 | 00,325,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/09/27 02:17:01 | 00,325,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/09/27 02:17:01 | 00,205,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/09/27 02:17:01 | 00,205,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/09/27 02:17:00 | 01,811,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/09/27 02:17:00 | 01,811,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/09/27 02:17:00 | 00,215,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/09/27 02:17:00 | 00,215,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/09/27 02:17:00 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/09/27 02:17:00 | 00,036,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/09/27 02:17:00 | 00,036,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/09/27 02:17:00 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/09/27 02:16:59 | 00,563,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/09/27 02:16:59 | 00,563,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/09/27 02:16:59 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/09/27 02:16:59 | 00,053,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/09/27 02:16:59 | 00,053,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/09/27 02:16:59 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/09/27 02:16:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/09/27 02:16:58 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/09/27 02:16:58 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/09/27 02:16:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/09/27 02:16:53 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/09/27 02:16:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/09/27 02:16:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/09/27 02:16:48 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2008/09/27 02:16:48 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2008/09/27 02:16:47 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/09/27 02:16:47 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/09/27 02:16:47 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/09/27 02:16:46 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/09/27 02:16:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/09/27 02:16:45 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/09/27 02:16:44 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/09/27 02:16:44 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/09/27 02:16:44 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/09/27 02:16:44 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/09/27 02:16:44 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/09/27 02:16:44 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/09/27 02:16:44 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/09/27 02:16:43 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/09/27 02:16:43 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/09/27 02:16:41 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/09/27 02:16:41 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/09/27 02:16:41 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/09/27 02:16:40 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/09/27 02:16:40 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/09/27 02:16:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/09/27 02:16:39 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/09/27 02:16:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2008/09/27 02:15:23 | 00,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/27 02:15:06 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/09/27 02:15:06 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/09/27 02:14:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2008/09/27 02:14:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/09/27 02:14:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2008/09/27 02:14:19 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/09/27 02:14:19 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2008/09/27 02:14:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2008/09/27 02:14:18 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/09/27 02:14:18 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2008/09/27 02:14:18 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/09/27 02:14:18 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2008/09/27 02:14:18 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/09/27 02:14:17 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/09/27 02:14:17 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2008/09/27 02:14:09 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/09/27 02:14:09 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/09/27 02:14:09 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/09/27 02:14:09 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/09/27 02:14:09 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/09/27 02:14:09 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/09/27 02:14:08 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/09/27 02:14:08 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/09/27 02:14:08 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/09/27 02:14:08 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/09/27 02:14:08 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/09/27 02:14:07 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/09/27 02:14:07 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2008/09/27 02:14:06 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2008/09/27 02:14:06 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/09/27 02:14:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2008/09/27 02:14:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/09/27 02:14:05 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/09/27 02:14:05 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2008/09/27 02:14:04 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/09/27 02:14:04 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2008/09/27 02:14:04 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/09/27 02:14:04 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2008/09/27 02:14:03 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/09/27 02:14:03 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2008/09/27 02:14:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/09/27 02:14:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2008/09/27 02:14:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/09/27 02:14:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2008/09/27 02:14:03 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/09/27 02:14:03 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/09/27 02:14:03 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2008/09/27 02:14:03 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2008/09/27 02:14:03 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/09/27 02:14:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/09/27 02:14:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2008/09/27 02:14:03 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/09/27 02:14:03 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/09/27 02:14:02 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/09/27 02:14:02 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2008/09/27 02:14:02 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/09/27 02:14:02 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2008/09/27 02:14:02 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/09/27 02:14:02 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2008/09/27 02:14:02 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/09/27 02:14:02 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2008/09/27 02:14:02 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/09/27 02:14:02 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2008/09/27 02:14:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/09/27 02:14:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2008/09/27 02:14:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/09/27 02:14:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2008/09/27 02:14:02 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/09/27 02:14:02 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2008/09/27 02:14:01 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2008/09/27 02:14:01 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/09/27 02:14:01 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/09/27 02:14:01 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/09/27 02:14:00 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/09/27 02:14:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/09/27 02:14:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2008/09/27 02:14:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/09/27 02:14:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/09/27 02:13:59 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/09/27 02:13:59 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/09/27 02:13:59 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/09/27 02:13:59 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2008/09/27 02:13:59 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/09/27 02:13:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2008/09/27 02:13:53 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2008/09/27 02:13:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2008/09/27 02:13:52 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2008/09/27 02:13:52 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2008/09/27 02:13:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2008/09/27 02:13:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2008/09/27 02:13:51 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2008/09/27 02:13:51 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2008/09/27 02:13:51 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2008/09/27 02:13:51 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2008/09/27 02:13:51 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2008/09/27 02:13:51 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2008/09/27 02:13:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2008/09/27 02:13:50 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2008/09/27 02:13:50 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/09/27 02:13:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2008/09/27 02:13:49 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/09/27 02:13:49 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/09/27 02:13:49 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/09/27 02:13:48 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/09/27 02:13:48 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/09/27 02:13:47 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/09/27 02:13:47 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/09/27 02:13:47 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/09/27 02:13:46 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/09/27 02:13:46 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/09/27 02:13:46 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/09/27 02:13:46 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/09/27 02:13:45 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/09/27 02:13:45 | 00,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2008/09/27 02:13:44 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/09/27 02:13:44 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2008/09/27 02:13:44 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/09/27 02:13:44 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/09/27 02:13:44 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/09/27 02:13:44 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/09/27 02:13:44 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/09/27 02:13:43 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/09/27 02:13:43 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/09/27 02:13:43 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/09/27 02:13:43 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2008/09/27 02:13:43 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2008/09/27 02:13:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/09/27 02:13:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/09/27 02:13:42 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/09/27 02:13:42 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/09/27 02:13:42 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/09/27 02:13:42 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/09/27 02:13:41 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/09/27 02:13:41 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/09/27 02:13:41 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/09/27 02:13:41 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/09/27 02:13:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/09/27 02:13:40 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/09/27 02:13:40 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/09/27 02:13:39 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/09/27 02:13:39 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/09/27 02:13:39 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/09/27 02:13:38 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/09/27 02:13:38 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/09/27 02:13:38 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/09/27 02:13:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/09/27 02:13:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/09/27 02:13:24 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/09/27 02:13:24 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/09/27 02:13:21 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/09/27 02:13:20 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/09/27 02:13:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2008/09/25 19:32:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2008/09/25 03:25:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/09/24 01:15:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Corel
[2008/09/24 01:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2008/09/23 15:58:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2008/09/23 15:57:36 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2008/09/23 00:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/10/22 22:44:15 | 00,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/22 22:42:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/22 22:42:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/22 22:29:09 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\OTViewIt.exe
[2008/10/22 22:05:03 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/22 19:59:30 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\My Sharing Folders.lnk
[2008/10/22 19:32:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\HijackThis.lnk
[2008/10/22 15:35:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/21 22:18:04 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk
[2008/10/21 22:17:45 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Converter.lnk
[2008/10/21 22:16:48 | 00,001,500 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\DivX Movies.lnk
[2008/10/21 22:15:42 | 20,698,272 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\DivXInstaller.exe
[2008/10/21 21:56:50 | 25,119,2600 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\3149.flv
[2008/10/21 16:06:00 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/21 10:06:51 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:00:21 | 00,000,304 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/20 21:00:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/20 20:58:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/10/20 20:58:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/10/20 20:48:09 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/20 20:29:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/20 20:29:20 | 00,000,244 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/20 20:20:16 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/20 20:20:16 | 00,392,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/20 20:20:16 | 00,059,110 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/20 20:20:05 | 00,000,280 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/10/20 20:20:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/10/20 20:12:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/10/20 20:12:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/10/20 20:10:28 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows Live Mail.lnk
[2008/10/20 16:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/20 10:37:06 | 00,000,280 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/10/20 10:37:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/10/19 22:48:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/19 22:48:47 | 00,000,244 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/10/19 22:38:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/19 22:38:44 | 00,000,244 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/19 22:32:50 | 00,000,280 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/19 22:32:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/18 23:34:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/18 23:34:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/18 22:10:15 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/18 19:37:41 | 00,000,292 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/18 19:37:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/17 16:24:41 | 00,000,280 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/17 16:24:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/17 16:13:10 | 00,000,280 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/17 16:13:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/16 22:02:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/16 22:02:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 17:09:15 | 00,000,280 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/10/16 17:09:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/10/15 23:43:38 | 00,000,280 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/15 23:43:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/15 23:30:41 | 00,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 08:46:19 | 00,000,280 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/15 08:46:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/15 02:31:28 | 00,000,292 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/15 02:31:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/14 22:59:13 | 00,002,487 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\CorelDRAW 11.lnk
[2008/10/14 20:10:55 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 22:47:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/11 22:47:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/11 19:29:55 | 00,000,292 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/11 19:29:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/11 14:29:41 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk
[2008/10/11 14:12:43 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/11 12:47:28 | 04,839,820 | -H-- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\IconCache.db
[2008/10/10 13:51:22 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\CCleaner.lnk
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 12:47:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/05 22:38:37 | 00,001,885 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2008/10/05 22:38:04 | 00,118,784 | R--- | M] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2008/10/05 20:45:00 | 00,000,106 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Windows Live Hotmail.URL
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 23:16:53 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Start Avira AntiVir Personal.lnk
[2008/10/02 21:03:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/01 17:49:02 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/01 11:24:27 | 00,923,712 | -HS- | M] () -- C:\WINDOWS\System32\myvaqeox.ini
[2008/10/01 11:19:14 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\qsnsgltt.dll
[2008/10/01 07:16:46 | 00,000,609 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Windows Messenger.lnk
[2008/09/30 14:25:15 | 00,000,081 | -HS- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\My Documents\desktop.ini
[2008/09/29 20:54:48 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuarkXPress Passport 5.0.lnk
[2008/09/29 20:47:14 | 00,000,539 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe InDesign CS.lnk
[2008/09/29 20:35:17 | 00,023,488 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/29 20:28:38 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe Photoshop 7.0.lnk
[2008/09/29 20:28:08 | 00,002,140 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Adobe Illustrator 10.lnk
[2008/09/29 20:12:30 | 00,000,890 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2008/09/28 21:51:15 | 00,001,825 | ---- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop\Macromedia Dreamweaver MX 2004.lnk
[2008/09/27 15:11:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/09/27 08:43:25 | 00,000,024 | ---- | M] () -- C:\url_history.xml
[2008/09/27 06:05:45 | 00,015,437 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/09/27 05:58:43 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 05:58:33 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/27 05:58:33 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/27 05:58:12 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/27 05:56:03 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 05:54:18 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/27 05:52:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/09/27 05:43:13 | 00,000,250 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/27 05:42:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini
[2008/09/27 05:42:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2008/09/27 05:15:55 | 00,225,296 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/09/27 05:15:53 | 00,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/09/27 03:01:04 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Application Data\desktop.ini
[2008/09/27 02:47:31 | 00,008,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/09/27 02:30:54 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/09/27 02:22:21 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 02:22:11 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/27 02:22:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/09/27 02:15:06 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/09/27 02:15:06 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
< End of report >


And the Extras:
OTViewIt Extras logfile created on: 10/22/2008 10:48:32 PM - Run 4
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Simon Lake.BADCARDZ-7E7BD3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 139.66 Mb Available Physical Memory | 27.30% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.30% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.89 Gb Total Space | 4.52 Gb Free Space | 25.25% Space Free | Partition Type: NTFS
Drive D: | 26.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BADCARDZ-7E7BD3
Current User Name: Simon Lake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/05 22:38:19 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/01 22:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2002/05/13 14:32:30 | 12,193,852 | ---- | M] (Macromedia Inc.) -- C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX
[2008/10/05 22:38:19 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -- File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{847f70e1-0020-41e0-a2e4-5e39e46d24a3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 13:42:00 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 13:42:00 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 13:42:00 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:38:19 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{847F70E1-0020-41E0-A2E4-5E39E46D24A3} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=Google Gmail Notifier
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{07A540AB-D785-11D5-8E89-0090275862A0}"=Corel Graphics Suite 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series"=Canon MP210 series
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{257E440F-781F-459B-9A68-A0872B80C1D6}"=Windows Live Photo Gallery
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}"=Nero 7 Ultra Edition
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}"=Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}"=Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{412033BC-44CF-48D9-B813-4B835101F4D3}"=Adobe Illustrator 10
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}"=Adobe InDesign CS
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{885A63EA-382B-4DD4-A755-14809B8557D6}"=Macromedia Flash Player 8
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}"=Macromedia Flash 8 Video Encoder
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{930B2432-43D4-11D5-9871-00C04F8EEB39}"=Macromedia Fireworks MX
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}"=VC 9.0 Runtime
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7BF5297-3E74-11D5-B00F-00104B398D77}"=QuarkXPress Passport
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}"=Vodafone Mobile Connect
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Canon MP210 series User Registration"=Canon MP210 series User Registration
"CANONIJPLM100"=PIXMA Extended Survey Program
"CanonMyPrinter"=Canon My Printer
"CanonSolutionMenu"=Canon Utilities Solution Menu
"CCleaner"=CCleaner (remove only)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}"=Corel Graphics Suite 11
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"YInstHelper"=Yahoo! Install Manager
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2008 1:01:10 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Application Hang | ID = 1002
Description = Hanging application agent.exe, version 6.0.100.54472, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 8:32:16 AM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

Error - 10/14/2008 5:08:57 AM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

Error - 10/15/2008 3:27:29 AM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

Error - 10/16/2008 7:56:32 AM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

Error - 10/17/2008 5:28:54 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 5:15:05 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 5:15:07 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/19/2008 5:16:23 PM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

Error - 10/20/2008 11:19:38 AM | Computer Name = BADCARDZ-7E7BD3 | Source = VMCService | ID = 0
Description = GetLoggedOnUser

[ System Events ]
Error - 10/16/2008 8:30:21 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/16/2008 8:30:25 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/16/2008 8:30:28 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/16/2008 8:30:32 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 10/21/2008 8:43:23 AM | Computer Name = BADCARDZ-7E7BD3 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 10/21/2008 5:01:19 PM | Computer Name = BADCARDZ-7E7BD3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%21" Happened while starting this command: "E:\Winamp\winamp.exe" -Embedding

Error - 10/21/2008 5:01:31 PM | Computer Name = BADCARDZ-7E7BD3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%21" Happened while starting this command: "E:\Winamp\winamp.exe" -Embedding

Error - 10/21/2008 5:09:31 PM | Computer Name = BADCARDZ-7E7BD3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%21" Happened while starting this command: "E:\Winamp\winamp.exe" -Embedding

Error - 10/21/2008 5:28:55 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/21/2008 5:28:55 PM | Computer Name = BADCARDZ-7E7BD3 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >


KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 22, 2008 22:47:14
Records in database: 1337822
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 60283
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 03:59:36

File name Threat name Threats count
C:\install\Applications\mIRC\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\install\wpi\common\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\WINDOWS\system32\qsnsgltt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.alvd 1
The selected area was scanned.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 23 October 2008 - 07:15 AM

Hello stjohn.

I see some leftovers, but nothing active at the moment.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    :processes
    
    :files
    C:\WINDOWS\System32\myvaqeox.ini
    C:\WINDOWS\System32\qsnsgltt.dll
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Please post back a new HijackThis log.

If you are still having slowness, we'll try to disable some startup items to free up memory.

With Regards,
The Panda

#9 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 25 October 2008 - 01:21 PM

Hello PP,
Here is the result.....
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"":processes /E : value set successfully!
========== FILES ==========
C:\WINDOWS\System32\myvaqeox.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qsnsgltt.dll
C:\WINDOWS\System32\qsnsgltt.dll NOT unregistered.
C:\WINDOWS\System32\qsnsgltt.dll moved successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_191214

#10 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 25 October 2008 - 01:24 PM

and the hijackthis log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:39 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
E:\Winamp\winampa.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmop.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.203.65.68 10.203.65.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.203.65.68 10.203.65.68
O18 - Protocol: bw+0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ":processe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 21916 bytes

Many thanks
stjohn

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 25 October 2008 - 02:36 PM

Hello stjohn.

It looks good.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should recieve the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.


Post a new HijackThis log.

Any problem still?

With Regards,
The Panda

#12 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 25 October 2008 - 03:06 PM

Yes I got the icon on the desktop that looks like that, but when I double-click on it, all I get is a message saying are you sure you want to add the information in C:\Documents and Settings\SimonLake.BADCARDZ-7E7BD3\Desktop\fix.reg to the registry? I don't get any prompts or any message that the entries have been successfully merged. If I right click on the icon there is an option to merge.

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 25 October 2008 - 03:07 PM

Hello.

In that case click Merge.

Please post a new HijackThis log after so we know if it worked or not :thumbsup: .

With Regards,
The Panda

#14 stjohn

stjohn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport
  • Local time:01:09 PM

Posted 25 October 2008 - 03:17 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:15 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
E:\Winamp\winampa.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.206.65.68 10.206.65.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6722A2-51A8-4FFE-8545-E9CED16EF22B}: NameServer = 10.206.65.68 10.206.65.68
O18 - Protocol: bw+0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {847F70E1-0020-41E0-A2E4-5E39E46D24A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 21584 bytes

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 AM

Posted 25 October 2008 - 03:34 PM

Hello stjohn.

Doesn't look like it worked. Let's try disableing your protection first.

To disable Avira:
  • Navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Posted Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Posted Image )
To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take affect.
----
Try the registry script again after disabling. Post a new HijackThis log after too.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users