Win32.TrojanDownloader.Small

13 november, 2008

dusc:

Om du har problem att svara i tråden så kan du mejla mig informationen. Du ser min mejladress när du trycker på Anv.info här under.

13 november, 2008

C:\WINDOWS\System32\dllcache\user32.dll

13 november, 2008

Okej, då väntar jag på den andra filen och svaren på de andra frågorna.

13 november, 2008

[log]FileLook.exe v2.0 by jpshortstuff

Log created at 20:35 on 13/11/2008

==================================

FileLook - "ttp"

Unable to find file.

==================================

FileLook - "install.txt"

Filename: install.txt

Path: C:\Documents and Settings\Stefan\Application Data\

MD5: 44D110BDAAC1F2AC1AB51098AEB78C9D

Created: 18:57:56 on 03/11/2008

Modified: 19:00:42 on 03/11/2008

Size: 2668368 bytes

Attributes: Archive

-

==============================

=EOF=[/log]

13 november, 2008

Skanna C:\Documents and Settings\Stefan\Application Data\install.txt på virustotal-sidan.

13 november, 2008

Du har problem med att klistra in suspectfile-loggen för att den är så stor, jag delar upp den i bitar.

[log]SystemScan - www.suspectfile.com - ver. 3.6.0 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)

System directory: C:\WINDOWS

SystemScan file: C:\Documents and Settings\Stefan\Skrivbord\sys33840.exe

Running in: User mode

Date: 2008-11-13

Time: 17:47:18

Output limited to:

-Recent files

-Registry Run Keys

-Services and Drivers (all)

-Loaded Dlls

-Hidden objects

-Suspicious Files

===================== RECENT FILES =====================

Listing files newer than 30 days

---- recent files in C:10/08/2008 17:50:03 -- 13/11/2008 17:43:47 (DIR) ---- 0 days old -- C:\SLASK

09/08/2008 20:17:31 -- 13/11/2008 17:38:12 (DIR) ---- 0 days old -- C:\WINDOWS

12/11/2008 22:31:13 -- 12/11/2008 22:45:50 (DIR) ---- 0 days old -- C:\SDFix

09/08/2008 20:32:07 -- 12/11/2008 21:58:09 (DIR) --R- 0 days old -- C:\Program

12/11/2008 21:12:35 -- 12/11/2008 21:12:35 (DIR) HS-- 0 days old -- C:\RECYCLER

10/11/2008 19:11:39 -- 12/11/2008 21:05:05 (DIR) ---- 0 days old -- C:\Qoobox

10/11/2008 19:31:18 -- 10/11/2008 19:31:25 (DIR) HSRA 2 days old -- C:\cmdcons

10/08/2008 18:21:59 -- 13/11/2008 17:38:17 2189 ---A 0 days old -- C:\caisslog.txt

12/11/2008 22:40:27 -- 13/11/2008 16:29:542145554432 HS-A 0 days old -- C:\hiberfil.sys

09/08/2008 20:17:31 -- 13/11/2008 16:29:532145484800 HS-A 0 days old -- C:\pagefile.sys

25/08/2008 22:00:55 -- 13/11/2008 13:05:47 232 H--A 0 days old -- C:\sqmdata05.sqm

25/08/2008 22:00:55 -- 13/11/2008 13:05:47 244 H--A 0 days old -- C:\sqmnoopt05.sqm

25/08/2008 21:00:43 -- 13/11/2008 06:51:58 232 H--A 0 days old -- C:\sqmdata04.sqm

25/08/2008 21:00:43 -- 13/11/2008 06:51:58 244 H--A 0 days old -- C:\sqmnoopt04.sqm

25/08/2008 18:53:44 -- 13/11/2008 00:28:36 244 H--A 0 days old -- C:\sqmnoopt03.sqm

25/08/2008 18:53:44 -- 13/11/2008 00:28:36 232 H--A 0 days old -- C:\sqmdata03.sqm

25/08/2008 11:31:24 -- 12/11/2008 23:07:41 244 H--A 0 days old -- C:\sqmnoopt02.sqm

25/08/2008 11:31:24 -- 12/11/2008 23:07:41 232 H--A 0 days old -- C:\sqmdata02.sqm

25/08/2008 07:12:04 -- 12/11/2008 22:32:25 244 H--A 0 days old -- C:\sqmnoopt01.sqm

25/08/2008 07:12:04 -- 12/11/2008 22:32:25 232 H--A 0 days old -- C:\sqmdata01.sqm

25/08/2008 05:58:45 -- 12/11/2008 21:57:10 244 H--A 0 days old -- C:\sqmnoopt00.sqm

25/08/2008 05:58:45 -- 12/11/2008 21:57:10 232 H--A 0 days old -- C:\sqmdata00.sqm

30/08/2008 14:22:19 -- 12/11/2008 21:38:51 232 H--A 0 days old -- C:\sqmdata19.sqm

30/08/2008 14:22:18 -- 12/11/2008 21:38:51 244 H--A 0 days old -- C:\sqmnoopt19.sqm

12/11/2008 21:04:58 -- 12/11/2008 21:04:58 15063 ---A 0 days old -- C:\ComboFix.txt

29/08/2008 22:56:06 -- 12/11/2008 19:34:12 232 H--A 0 days old -- C:\sqmdata18.sqm

29/08/2008 22:56:06 -- 12/11/2008 19:34:12 244 H--A 0 days old -- C:\sqmnoopt18.sqm

29/08/2008 17:17:52 -- 12/11/2008 06:48:39 232 H--A 1 days old -- C:\sqmdata17.sqm

29/08/2008 17:17:52 -- 12/11/2008 06:48:39 244 H--A 1 days old -- C:\sqmnoopt17.sqm

29/08/2008 15:52:19 -- 11/11/2008 23:34:19 244 H--A 1 days old -- C:\sqmnoopt16.sqm

29/08/2008 15:52:20 -- 11/11/2008 23:34:19 232 H--A 1 days old -- C:\sqmdata16.sqm

28/08/2008 21:46:53 -- 11/11/2008 20:56:47 232 H--A 1 days old -- C:\sqmdata15.sqm

28/08/2008 21:46:53 -- 11/11/2008 20:56:46 244 H--A 1 days old -- C:\sqmnoopt15.sqm

28/08/2008 19:06:02 -- 11/11/2008 19:07:34 244 H--A 1 days old -- C:\sqmnoopt14.sqm

28/08/2008 19:06:02 -- 11/11/2008 19:07:34 232 H--A 1 days old -- C:\sqmdata14.sqm

27/08/2008 21:47:27 -- 11/11/2008 12:31:57 232 H--A 2 days old -- C:\sqmdata13.sqm

27/08/2008 21:47:27 -- 11/11/2008 12:31:57 244 H--A 2 days old -- C:\sqmnoopt13.sqm

27/08/2008 19:24:31 -- 11/11/2008 00:25:41 232 H--A 2 days old -- C:\sqmdata12.sqm

27/08/2008 19:24:31 -- 11/11/2008 00:25:41 244 H--A 2 days old -- C:\sqmnoopt12.sqm

27/08/2008 19:12:08 -- 10/11/2008 22:35:39 232 H--A 2 days old -- C:\sqmdata11.sqm

27/08/2008 19:12:08 -- 10/11/2008 22:35:39 244 H--A 2 days old -- C:\sqmnoopt11.sqm

27/08/2008 19:08:58 -- 10/11/2008 22:19:05 244 H--A 2 days old -- C:\sqmnoopt10.sqm

27/08/2008 19:08:58 -- 10/11/2008 22:19:05 232 H--A 2 days old -- C:\sqmdata10.sqm

10/11/2008 19:06:10 -- 10/11/2008 22:14:59 2722 ---A 2 days old -- C:\rapport.txt

27/08/2008 13:27:58 -- 10/11/2008 22:04:54 244 H--A 2 days old -- C:\sqmnoopt09.sqm

27/08/2008 13:27:58 -- 10/11/2008 22:04:54 232 H--A 2 days old -- C:\sqmdata09.sqm

26/08/2008 22:14:49 -- 10/11/2008 20:58:04 244 H--A 2 days old -- C:\sqmnoopt08.sqm

26/08/2008 22:14:49 -- 10/11/2008 20:58:04 232 H--A 2 days old -- C:\sqmdata08.sqm

30/10/2008 23:00:51 -- 10/11/2008 20:50:17 3315 ---A 2 days old -- C:\aaw7boot.log

26/08/2008 09:54:15 -- 10/11/2008 20:49:03 232 H--A 2 days old -- C:\sqmdata07.sqm

26/08/2008 09:54:15 -- 10/11/2008 20:49:03 244 H--A 2 days old -- C:\sqmnoopt07.sqm

25/08/2008 22:10:38 -- 10/11/2008 20:36:55 244 H--A 2 days old -- C:\sqmnoopt06.sqm

25/08/2008 22:10:38 -- 10/11/2008 20:36:55 232 H--A 2 days old -- C:\sqmdata06.sqm

09/08/2008 20:22:52 -- 10/11/2008 19:31:25 396 HSRA 2 days old -- C:\boot.ini

10/11/2008 19:31:25 -- 30/10/2008 23:44:31 325 ---A 2 days old -- C:\Boot.bak

10/11/2008 19:31:23 -- 03/08/2004 23:00:00 260272 ---A 2 days old -- C:\cmldr

04/08/2004 03:59:58 -- 31/10/2008 19:08:00 250560 HSRA 12 days old -- C:\ntldr

---- recent files in C:\DOCUME~1\Stefan\LOKALA~1\Temp13/11/2008 17:46:04 -- 13/11/2008 17:46:04 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\nsc1E.tmp

13/11/2008 16:30:23 -- 13/11/2008 16:30:23 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\WPDNSE

13/11/2008 15:39:46 -- 13/11/2008 15:39:51 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\MessengerCache

12/11/2008 21:07:21 -- 12/11/2008 21:07:21 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\Google Toolbar

13/11/2008 17:46:04 -- 13/11/2008 17:46:04 55 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\systemscan.ini

13/11/2008 17:46:04 -- 13/11/2008 17:46:04 16384 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFF094.tmp

12/11/2008 22:51:31 -- 13/11/2008 16:35:21 1012 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\jusched.log

13/11/2008 16:30:21 -- 13/11/2008 16:30:35 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF47F1.tmp

13/11/2008 16:30:21 -- 13/11/2008 16:30:21 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF4801.tmp

13/11/2008 13:15:11 -- 13/11/2008 13:15:33 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFE867.tmp

13/11/2008 13:15:12 -- 13/11/2008 13:15:13 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFF3D9.tmp

13/11/2008 10:38:22 -- 13/11/2008 10:38:29 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF686A.tmp

13/11/2008 10:38:18 -- 13/11/2008 10:38:19 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF2CD0.tmp

13/11/2008 06:38:29 -- 13/11/2008 06:38:37 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFF057.tmp

13/11/2008 06:38:29 -- 13/11/2008 06:38:30 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFF059.tmp

12/11/2008 23:13:18 -- 12/11/2008 23:13:18 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF8096.tmp

12/11/2008 23:10:30 -- 12/11/2008 23:10:39 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF8D33.tmp

12/11/2008 23:10:26 -- 12/11/2008 23:10:26 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF34E5.tmp

12/11/2008 22:52:44 -- 12/11/2008 22:52:44 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF4E6A.tmp

12/11/2008 22:46:34 -- 12/11/2008 22:46:41 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF2D8F.tmp

12/11/2008 22:46:31 -- 12/11/2008 22:46:31 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFFC82.tmp

---- recent files in C:\WINDOWS09/08/2008 20:17:31 -- 13/11/2008 17:38:12 (DIR) ---- 0 days old -- C:\WINDOWS\system32

12/11/2008 21:05:04 -- 13/11/2008 17:36:42 (DIR) ---- 0 days old -- C:\WINDOWS\temp

12/11/2008 22:34:59 -- 12/11/2008 22:35:12 (DIR) ---- 0 days old -- C:\WINDOWS\ERUNT

09/08/2008 18:52:05 -- 12/11/2008 22:15:50 (DIR) -S-- 0 days old -- C:\WINDOWS\Tasks

09/08/2008 20:17:31 -- 12/11/2008 21:03:56 (DIR) ---- 0 days old -- C:\WINDOWS\AppPatch

10/11/2008 19:11:39 -- 12/11/2008 19:48:40 (DIR) ---- 0 days old -- C:\WINDOWS\ERDNT

31/10/2008 19:22:48 -- 12/11/2008 19:46:33 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch

10/08/2008 19:31:37 -- 12/11/2008 19:37:08 (DIR) ---- 0 days old -- C:\WINDOWS\CAVTemp

09/08/2008 20:17:31 -- 12/11/2008 19:30:58 (DIR) HS-- 0 days old -- C:\WINDOWS\Installer

09/08/2008 20:17:31 -- 12/11/2008 19:28:21 (DIR) H--- 0 days old -- C:\WINDOWS\inf

12/11/2008 19:28:18 -- 12/11/2008 19:28:18 (DIR) H--- 0 days old -- C:\WINDOWS\$NtUninstallKB957097$

09/08/2008 18:54:21 -- 12/11/2008 19:28:17 (DIR) H--- 0 days old -- C:\WINDOWS\$hf_mig$

12/11/2008 19:28:11 -- 12/11/2008 19:28:11 (DIR) H--- 0 days old -- C:\WINDOWS\$NtUninstallKB954459$

12/11/2008 19:28:02 -- 12/11/2008 19:28:02 (DIR) H--- 0 days old -- C:\WINDOWS\$NtUninstallKB955069$

09/08/2008 20:17:31 -- 12/11/2008 19:27:51 (DIR) ---- 0 days old -- C:\WINDOWS\WinSxS

09/08/2008 18:55:40 -- 05/11/2008 23:03:48 (DIR) -SR- 7 days old -- C:\WINDOWS\assembly

09/08/2008 20:17:31 -- 05/11/2008 23:03:07 (DIR) -SR- 7 days old -- C:\WINDOWS\Fonts

09/08/2008 20:17:31 -- 05/11/2008 19:03:14 (DIR) -S-- 7 days old -- C:\WINDOWS\Downloaded Program Files

01/11/2008 16:09:46 -- 01/11/2008 16:09:46 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB946648$

01/11/2008 16:09:37 -- 01/11/2008 16:09:38 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB951978$

09/08/2008 20:17:31 -- 31/10/2008 19:22:55 (DIR) ---- 12 days old -- C:\WINDOWS\ime

31/10/2008 19:20:32 -- 31/10/2008 19:20:33 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB958644$

31/10/2008 19:20:10 -- 31/10/2008 19:20:11 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB957095$

31/10/2008 19:19:48 -- 31/10/2008 19:19:49 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB956841$

31/10/2008 19:19:27 -- 31/10/2008 19:19:28 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB956803$

31/10/2008 19:19:02 -- 31/10/2008 19:19:03 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB954211$

31/10/2008 19:18:41 -- 31/10/2008 19:18:42 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB952954$

31/10/2008 19:18:21 -- 31/10/2008 19:18:22 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB952287$

31/10/2008 19:18:00 -- 31/10/2008 19:18:02 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB951748$

31/10/2008 19:17:40 -- 31/10/2008 19:17:41 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB951698$

31/10/2008 19:17:20 -- 31/10/2008 19:17:21 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB951376-v2$

31/10/2008 19:16:58 -- 31/10/2008 19:16:59 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB951066$

31/10/2008 19:16:38 -- 31/10/2008 19:16:39 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB950974$

31/10/2008 19:16:19 -- 31/10/2008 19:16:20 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB950762$

31/10/2008 19:15:54 -- 31/10/2008 19:15:54 (DIR) H--- 12 days old -- C:\WINDOWS\$NtUninstallKB938464$

09/08/2008 20:17:31 -- 31/10/2008 19:15:37 (DIR) ---- 12 days old -- C:\WINDOWS\security

09/08/2008 20:17:31 -- 31/10/2008 19:12:54 (DIR) ---- 12 days old -- C:\WINDOWS\Network Diagnostic

09/08/2008 20:17:31 -- 31/10/2008 19:12:53 (DIR) ---- 12 days old -- C:\WINDOWS\Help

31/10/2008 19:12:41 -- 31/10/2008 19:12:41 (DIR) ---- 12 days old -- C:\WINDOWS\l2schemas

09/08/2008 20:17:31 -- 31/10/2008 19:12:40 (DIR) ---- 12 days old -- C:\WINDOWS\PeerNet

31/10/2008 19:10:19 -- 31/10/2008 19:10:19 (DIR) ---- 12 days old -- C:\WINDOWS\ServicePackFiles

09/08/2008 20:17:31 -- 31/10/2008 19:10:07 (DIR) ---- 12 days old -- C:\WINDOWS\msagent

09/08/2008 18:52:01 -- 31/10/2008 19:10:05 (DIR) ---- 12 days old -- C:\WINDOWS\srchasst

09/08/2008 20:17:31 -- 31/10/2008 19:09:43 (DIR) ---- 12 days old -- C:\WINDOWS\system

31/10/2008 19:04:56 -- 31/10/2008 19:07:20 (DIR) H--- 12 days old -- C:\WINDOWS\$NtServicePackUninstall$

09/08/2008 20:17:31 -- 31/10/2008 19:04:55 (DIR) ---- 12 days old -- C:\WINDOWS\ehome

24/10/2008 13:16:51 -- 24/10/2008 13:16:51 (DIR) H--- 20 days old -- C:\WINDOWS\$NtUninstallKB958644_0$

23/10/2008 20:00:09 -- 23/10/2008 20:00:09 (DIR) H--- 20 days old -- C:\WINDOWS\PIF

15/10/2008 05:48:39 -- 15/10/2008 05:48:39 (DIR) H--- 29 days old -- C:\WINDOWS\$NtUninstallKB956803_0$

15/10/2008 05:48:32 -- 15/10/2008 05:48:32 (DIR) H--- 29 days old -- C:\WINDOWS\$NtUninstallKB956391$

15/10/2008 05:48:26 -- 15/10/2008 05:48:26 (DIR) H--- 29 days old -- C:\WINDOWS\$NtUninstallKB957095_0$

15/10/2008 05:47:55 -- 15/10/2008 05:47:55 (DIR) H--- 29 days old -- C:\WINDOWS\$NtUninstallKB954211_0$

15/10/2008 05:47:42 -- 15/10/2008 05:47:43 (DIR) H--- 29 days old -- C:\WINDOWS\$NtUninstallKB956841_0$

09/08/2008 18:52:50 -- 13/11/2008 17:38:15 1063676 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log

09/08/2008 20:32:16 -- 13/11/2008 16:31:33 1425462 ---A 0 days old -- C:\WINDOWS\MedCtrOC.log

09/08/2008 19:14:40 -- 13/11/2008 16:30:58 0 ---A 0 days old -- C:\WINDOWS\0.log

09/08/2008 18:57:27 -- 13/11/2008 16:30:04 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat

09/08/2008 18:58:35 -- 13/11/2008 15:47:02 32590 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt

09/08/2008 19:17:16 -- 13/11/2008 15:46:51 4958588 ---A 0 days old -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK

09/08/2008 19:16:18 -- 13/11/2008 15:46:51 4958588 ---A 0 days old -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF

10/08/2008 22:58:49 -- 12/11/2008 22:36:57 353696 ---A 0 days old -- C:\WINDOWS\ntbtlog.txt

28/09/2001 21:00:00 -- 12/11/2008 21:04:20 264 ---A 0 days old -- C:\WINDOWS\system.ini

12/11/2008 06:45:57 -- 12/11/2008 20:50:01 250 ---A 0 days old -- C:\WINDOWS\gmer.ini

09/08/2008 20:32:13 -- 12/11/2008 19:28:22 345272 ---A 0 days old -- C:\WINDOWS\FaxSetup.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 114962 ---A 0 days old -- C:\WINDOWS\comsetup.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 178382 ---A 0 days old -- C:\WINDOWS\tsoc.log

09/08/2008 20:32:16 -- 12/11/2008 19:28:21 20223 ---A 0 days old -- C:\WINDOWS\tabletoc.log

12/11/2008 19:28:17 -- 12/11/2008 19:28:21 7334 ---A 0 days old -- C:\WINDOWS\KB957097.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 19120 ---A 0 days old -- C:\WINDOWS\msgsocm.log

09/08/2008 20:32:13 -- 12/11/2008 19:28:21 208306 ---A 0 days old -- C:\WINDOWS\ocgen.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 71400 ---A 0 days old -- C:\WINDOWS\ntdtcsetup.log

09/08/2008 20:32:13 -- 12/11/2008 19:28:21 387404 ---A 0 days old -- C:\WINDOWS\iis6.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 593 ---A 0 days old -- C:\WINDOWS\imsins.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 136072 ---A 0 days old -- C:\WINDOWS\msmqinst.log

12/11/2008 11:15:33 -- 12/11/2008 19:28:15 11291 ---A 0 days old -- C:\WINDOWS\KB954459.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:15 593 ---A 0 days old -- C:\WINDOWS\imsins.BAK

12/11/2008 19:27:54 -- 12/11/2008 19:28:08 7668 ---A 0 days old -- C:\WINDOWS\KB955069.log

09/08/2008 20:49:59 -- 12/11/2008 19:28:04 122752 ---A 0 days old -- C:\WINDOWS\updspapi.log

12/11/2008 19:27:46 -- 12/11/2008 19:27:52 308112 ---A 0 days old -- C:\WINDOWS\msxml4-KB954430-enu.LOG

12/11/2008 06:45:54 -- 17/04/2008 21:13:02 811008 ---A 1 days old -- C:\WINDOWS\gmer.exe

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 80 ---A 1 days old -- C:\WINDOWS\gmer_uninstall.cmd

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 884736 ---A 1 days old -- C:\WINDOWS\gmer.dll

09/08/2008 20:30:00 -- 10/11/2008 22:15:10 212829 ---A 2 days old -- C:\WINDOWS\setupact.log

10/11/2008 19:35:50 -- 31/08/2000 08:00:00 28672 ---A 2 days old -- C:\WINDOWS\NIRCMD.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 89504 ---A 2 days old -- C:\WINDOWS\fdsv.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 80412 ---A 2 days old -- C:\WINDOWS\grep.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 68096 ---A 2 days old -- C:\WINDOWS\zip.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 136704 ---A 2 days old -- C:\WINDOWS\SWSC.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 161792 ---A 2 days old -- C:\WINDOWS\SWREG.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 98816 ---A 2 days old -- C:\WINDOWS\sed.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 49152 ---A 2 days old -- C:\WINDOWS\VFIND.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 212480 ---A 2 days old -- C:\WINDOWS\SWXCACLS.exe

09/08/2008 20:37:22 -- 09/11/2008 19:08:41 215 ---A 3 days old -- C:\WINDOWS\wiadebug.log

09/08/2008 20:37:22 -- 09/11/2008 19:08:41 50 ---A 3 days old -- C:\WINDOWS\wiaservc.log

10/08/2008 23:37:12 -- 09/11/2008 16:53:35 69 ---A 4 days old -- C:\WINDOWS\NeroDigital.ini

09/08/2008 21:06:56 -- 07/11/2008 14:50:34 306299 ---A 6 days old -- C:\WINDOWS\setupapi.log

01/11/2008 16:09:46 -- 01/11/2008 16:09:49 6664 ---A 12 days old -- C:\WINDOWS\KB946648.log

01/11/2008 12:23:50 -- 01/11/2008 16:09:44 12260 ---A 12 days old -- C:\WINDOWS\KB951978.log

10/08/2008 18:43:13 -- 31/10/2008 19:27:05 11644 ---A 12 days old -- C:\WINDOWS\DPINST.LOG

09/08/2008 18:53:55 -- 31/10/2008 19:23:16 1172 ---A 12 days old -- C:\WINDOWS\OEWABLog.txt

09/08/2008 20:29:58 -- 31/10/2008 19:22:49 918587 ---A 12 days old -- C:\WINDOWS\setuplog.txt

09/08/2008 20:32:16 -- 31/10/2008 19:20:48 18177 ---A 12 days old -- C:\WINDOWS\ocmsn.log

19/08/2008 09:59:01 -- 31/10/2008 19:20:48 604969 ---A 12 days old -- C:\WINDOWS\svcpack.log

24/10/2008 13:16:42 -- 31/10/2008 19:20:47 198566 ---A 12 days old -- C:\WINDOWS\KB958644.log

15/10/2008 05:48:24 -- 31/10/2008 19:20:22 203013 ---A 12 days old -- C:\WINDOWS\KB957095.log

15/10/2008 05:47:35 -- 31/10/2008 19:19:59 201519 ---A 12 days old -- C:\WINDOWS\KB956841.log

15/10/2008 05:48:38 -- 31/10/2008 19:19:38 203274 ---A 12 days old -- C:\WINDOWS\KB956803.log

15/10/2008 05:47:54 -- 31/10/2008 19:19:13 197805 ---A 12 days old -- C:\WINDOWS\KB954211.log

14/08/2008 08:47:59 -- 31/10/2008 19:18:51 210135 ---A 12 days old -- C:\WINDOWS\KB952954.log

14/08/2008 09:58:25 -- 31/10/2008 19:18:31 201815 ---A 12 days old -- C:\WINDOWS\KB952287.log

09/08/2008 20:39:16 -- 31/10/2008 19:18:12 215575 ---A 12 days old -- C:\WINDOWS\KB951748.log

09/08/2008 20:41:23 -- 31/10/2008 19:17:50 207932 ---A 12 days old -- C:\WINDOWS\KB951698.log

09/08/2008 20:52:09 -- 31/10/2008 19:17:31 205583 ---A 12 days old -- C:\WINDOWS\KB951376-v2.log

14/08/2008 08:46:48 -- 31/10/2008 19:17:11 33009 ---A 12 days old -- C:\WINDOWS\KB951072-v2.log

14/08/2008 09:57:45 -- 31/10/2008 19:17:09 198033 ---A 12 days old -- C:\WINDOWS\KB951066.log

14/08/2008 08:47:24 -- 31/10/2008 19:16:48 211314 ---A 12 days old -- C:\WINDOWS\KB950974.log

09/08/2008 20:50:30 -- 31/10/2008 19:16:29 200048 ---A 12 days old -- C:\WINDOWS\KB950762.log

09/08/2008 20:51:17 -- 31/10/2008 19:16:05 23113 ---A 12 days old -- C:\WINDOWS\KB942763.log

10/09/2008 11:35:49 -- 31/10/2008 19:16:03 195036 ---A 12 days old -- C:\WINDOWS\KB938464.log

09/08/2008 18:49:07 -- 31/10/2008 19:13:46 373 ---A 12 days old -- C:\WINDOWS\cmsetacl.log

09/08/2008 20:02:03 -- 31/10/2008 19:13:42 141041 ---A 12 days old -- C:\WINDOWS\spupdsvc.log

09/08/2008 18:51:26 -- 31/10/2008 19:13:34 1334 ---A 12 days old -- C:\WINDOWS\sessmgr.setup.log

09/08/2008 20:32:16 -- 31/10/2008 19:07:32 52604 ---A 12 days old -- C:\WINDOWS\netfxocm.log

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 32866 ---- 13 days old -- C:\WINDOWS\slrundll.exe

31/10/2008 12:42:12 -- 28/12/2006 20:01:31 19569 ---A 13 days old -- C:\WINDOWS\002899_.tmp

09/08/2008 18:50:45 -- 25/10/2008 11:30:44 50450 ---A 19 days old -- C:\WINDOWS\wmsetup.log

10/08/2008 23:12:47 -- 21/10/2008 19:52:40 1424 ---A 22 days old -- C:\WINDOWS\mozver.dat

21/10/2008 19:52:24 -- 21/10/2008 19:52:25 21983 ---A 22 days old -- C:\WINDOWS\iid.ini

15/10/2008 05:48:32 -- 15/10/2008 05:48:35 11811 ---A 29 days old -- C:\WINDOWS\KB956391.log

15/10/2008 05:39:30 -- 15/10/2008 05:48:22 29786 ---A 29 days old -- C:\WINDOWS\KB956390-IE7.log

11/08/2008 11:36:31 -- 14/10/2008 06:03:23 10647 ---A 30 days old -- C:\WINDOWS\KB892130.log

---- recent files in C:\WINDOWS\system

---- recent files in C:\WINDOWS\system3209/08/2008 20:17:31 -- 13/11/2008 17:38:12 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers

09/08/2008 20:30:27 -- 13/11/2008 17:36:42 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2

09/08/2008 18:53:50 -- 12/11/2008 22:36:41 (DIR) ---- 0 days old -- C:\WINDOWS\system32\dllcache

09/08/2008 20:17:31 -- 07/11/2008 16:25:27 (DIR) ---- 6 days old -- C:\WINDOWS\system32\config

09/08/2008 20:17:31 -- 31/10/2008 19:22:55 (DIR) ---- 12 days old -- C:\WINDOWS\system32\wbem

31/10/2008 19:22:54 -- 31/10/2008 19:22:54 (DIR) ---- 12 days old -- C:\WINDOWS\system32\xircom

09/08/2008 20:17:31 -- 31/10/2008 19:22:09 (DIR) ---- 12 days old -- C:\WINDOWS\system32\Setup

09/08/2008 20:30:27 -- 31/10/2008 19:20:35 (DIR) ---- 12 days old -- C:\WINDOWS\system32\CatRoot

09/08/2008 20:17:31 -- 31/10/2008 19:12:54 (DIR) ---- 12 days old -- C:\WINDOWS\system32\inetsrv

09/08/2008 20:17:31 -- 31/10/2008 19:12:42 (DIR) ---- 12 days old -- C:\WINDOWS\system32\usmt

09/08/2008 20:17:31 -- 31/10/2008 19:12:42 (DIR) ---- 12 days old -- C:\WINDOWS\system32\sv-se

31/10/2008 19:12:40 -- 31/10/2008 19:12:41 (DIR) ---- 12 days old -- C:\WINDOWS\system32\sv

31/10/2008 19:12:40 -- 31/10/2008 19:12:40 (DIR) ---- 12 days old -- C:\WINDOWS\system32\bits

09/08/2008 18:51:46 -- 31/10/2008 19:10:08 (DIR) ---- 12 days old -- C:\WINDOWS\system32\Restore

09/08/2008 20:17:31 -- 31/10/2008 19:10:08 (DIR) ---- 12 days old -- C:\WINDOWS\system32\npp

09/08/2008 18:49:37 -- 31/10/2008 19:10:03 (DIR) ---- 12 days old -- C:\WINDOWS\system32\Com

09/08/2008 20:17:31 -- 31/10/2008 19:09:45 (DIR) ---- 12 days old -- C:\WINDOWS\system32\oobe

09/08/2008 19:17:26 -- 13/11/2008 15:47:22 1080 ---A 0 days old -- C:\WINDOWS\system32\settingsbkup.sfm

09/08/2008 19:17:26 -- 13/11/2008 15:47:22 1080 ---A 0 days old -- C:\WINDOWS\system32\settings.sfm

09/08/2008 19:16:02 -- 13/11/2008 15:47:22 30888 ---A 0 days old -- C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 13/11/2008 15:47:22 30528 ---A 0 days old -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 13/11/2008 15:47:22 11564 ---A 0 days old -- C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 13/11/2008 15:47:22 30528 ---A 0 days old -- C:\WINDOWS\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 13/11/2008 15:47:22 30888 ---A 0 days old -- C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

12/11/2008 22:41:45 -- 12/11/2008 22:41:45 14848 ---A 0 days old -- C:\WINDOWS\system32\xmlpsovi.dll

10/11/2008 19:06:19 -- 10/11/2008 22:13:04 0 ---A 2 days old -- C:\WINDOWS\system32\tmp.txt

10/11/2008 19:06:19 -- 10/11/2008 22:13:04 3512 ---A 2 days old -- C:\WINDOWS\system32\tmp.reg

10/11/2008 19:05:43 -- 05/09/2007 23:22:23 289144 ---A 2 days old -- C:\WINDOWS\system32\VCCLSID.exe

10/11/2008 19:05:43 -- 01/10/2008 14:51:40 87552 ---A 2 days old -- C:\WINDOWS\system32\VACFix.exe

10/11/2008 19:05:43 -- 03/10/2007 23:36:46 25600 ---A 2 days old -- C:\WINDOWS\system32\WS2Fix.exe

10/11/2008 19:05:43 -- 18/05/2008 20:40:35 82944 ---A 2 days old -- C:\WINDOWS\system32\IEDFix.exe

10/11/2008 19:05:43 -- 10/10/2008 07:58:08 82944 ---A 2 days old -- C:\WINDOWS\system32\o4Patch.exe

10/11/2008 19:05:43 -- 18/08/2008 11:19:03 82432 ---A 2 days old -- C:\WINDOWS\system32\404Fix.exe

10/11/2008 19:05:43 -- 10/10/2008 07:58:08 82944 ---A 2 days old -- C:\WINDOWS\system32\IEDFix.C.exe

10/11/2008 19:05:42 -- 31/07/2004 17:50:36 51200 ---A 2 days old -- C:\WINDOWS\system32\dumphive.exe

10/11/2008 19:05:42 -- 27/04/2006 16:49:30 288417 ---A 2 days old -- C:\WINDOWS\system32\SrchSTS.exe

10/11/2008 19:05:42 -- 05/06/2003 20:13:00 53248 ---A 2 days old -- C:\WINDOWS\system32\Process.exe

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 73728 ---A 3 days old -- C:\WINDOWS\system32\perfc01D.dat

09/08/2008 20:32:12 -- 09/11/2008 18:40:45 953580 ---A 3 days old -- C:\WINDOWS\system32\PerfStringBackup.INI

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 401064 ---A 3 days old -- C:\WINDOWS\system32\perfh009.dat

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 62344 ---A 3 days old -- C:\WINDOWS\system32\perfc009.dat

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 404004 ---A 3 days old -- C:\WINDOWS\system32\perfh01D.dat

09/08/2008 20:23:24 -- 05/11/2008 23:07:23 292480 ---A 7 days old -- C:\WINDOWS\system32\FNTCACHE.DAT

05/11/2008 23:02:43 -- 10/06/2008 01:21:01 135168 ---A 7 days old -- C:\WINDOWS\system32\java.exe

05/11/2008 23:02:43 -- 10/06/2008 02:32:34 139264 ---A 7 days old -- C:\WINDOWS\system32\javaws.exe

05/11/2008 23:02:28 -- 05/11/2008 23:02:43 6736 ---A 7 days old -- C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log

05/11/2008 23:02:43 -- 10/06/2008 01:21:04 135168 ---A 7 days old -- C:\WINDOWS\system32\javaw.exe

12/08/2008 19:26:11 -- 04/11/2008 01:10:25 17318336 ---A 9 days old -- C:\WINDOWS\system32\MRT.exe

28/09/2001 21:00:00 -- 31/10/2008 19:22:51 2206 ---A 12 days old -- C:\WINDOWS\system32\wpa.dbl

31/10/2008 19:15:40 -- 31/10/2008 19:20:47 2979 ---A 12 days old -- C:\WINDOWS\system32\spupdsvc.inf

31/10/2008 12:44:04 -- 14/04/2008 17:04:54 276992 ---- 13 days old -- C:\WINDOWS\system32\wmphoto.dll

31/10/2008 12:44:01 -- 14/04/2008 17:04:54 69120 ---- 13 days old -- C:\WINDOWS\system32\wlanapi.dll

31/10/2008 12:43:59 -- 14/04/2008 17:04:54 712704 ---- 13 days old -- C:\WINDOWS\system32\windowscodecs.dll

31/10/2008 12:43:59 -- 14/04/2008 17:04:54 346112 ---- 13 days old -- C:\WINDOWS\system32\windowscodecsext.dll

31/10/2008 12:43:54 -- 14/04/2008 17:05:25 28672 ---- 13 days old -- C:\WINDOWS\system32\vidcap.ax

31/10/2008 12:43:46 -- 14/04/2008 17:04:53 50688 ---- 13 days old -- C:\WINDOWS\system32\tspkg.dll

31/10/2008 12:43:33 -- 14/04/2008 17:05:20 20992 ---- 13 days old -- C:\WINDOWS\system32\spupdwxp.exe

31/10/2008 12:43:31 -- 14/04/2008 17:05:20 7680 ---A 13 days old -- C:\WINDOWS\system32\spdwnwxp.exe

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 73796 ---- 13 days old -- C:\WINDOWS\system32\slserv.exe

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 32866 ---- 13 days old -- C:\WINDOWS\system32\slrundll.exe

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 188508 ---- 13 days old -- C:\WINDOWS\system32\slgen.dll

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 286792 ---- 13 days old -- C:\WINDOWS\system32\slextspk.dll

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 73832 ---- 13 days old -- C:\WINDOWS\system32\slcoinst.dll

31/10/2008 12:43:25 -- 14/04/2008 17:05:19 32768 ---- 13 days old -- C:\WINDOWS\system32\setupn.exe

31/10/2008 12:43:20 -- 14/04/2008 17:04:47 397056 ---- 13 days old -- C:\WINDOWS\system32\s3gnb.dll

31/10/2008 12:43:14 -- 14/04/2008 17:04:47 61952 ---- 13 days old -- C:\WINDOWS\system32\rasqec.dll

31/10/2008 12:43:14 -- 14/04/2008 17:04:47 76800 ---- 13 days old -- C:\WINDOWS\system32\qutil.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 150528 ---- 13 days old -- C:\WINDOWS\system32\qagent.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 291328 ---- 13 days old -- C:\WINDOWS\system32\qagentrt.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 62464 ---- 13 days old -- C:\WINDOWS\system32\qcliprov.dll

31/10/2008 12:43:11 -- 14/04/2008 17:04:47 412160 ---- 13 days old -- C:\WINDOWS\system32\photometadatahandler.dll

31/10/2008 12:43:08 -- 14/04/2008 17:04:47 144384 ---- 13 days old -- C:\WINDOWS\system32\onex.dll

31/10/2008 12:43:06 -- 14/04/2008 17:04:45 4274816 ---- 13 days old -- C:\WINDOWS\system32\nv4_disp.dll

31/10/2008 12:42:59 -- 14/04/2008 17:05:14 176128 ---- 13 days old -- C:\WINDOWS\system32\napstat.exe

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 194048 ---- 13 days old -- C:\WINDOWS\system32\napmontr.dll

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 1737856 ---- 13 days old -- C:\WINDOWS\system32\mtxparhd.dll

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 30208 ---- 13 days old -- C:\WINDOWS\system32\napipsec.dll

31/10/2008 12:42:58 -- 10/09/2008 02:16:22 1307648 ---- 13 days old -- C:\WINDOWS\system32\msxml6.dll

31/10/2008 12:42:58 -- 14/04/2008 16:41:48 79872 ---- 13 days old -- C:\WINDOWS\system32\msxml6r.dll

31/10/2008 12:42:56 -- 14/04/2008 16:41:04 77312 ---- 13 days old -- C:\WINDOWS\system32\msshavmsg.dll

31/10/2008 12:42:56 -- 14/04/2008 17:04:44 155136 ---- 13 days old -- C:\WINDOWS\system32\mssha.dll

31/10/2008 12:42:45 -- 14/04/2008 17:05:11 33792 ---- 13 days old -- C:\WINDOWS\system32\mmcperf.exe

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 106496 ---- 13 days old -- C:\WINDOWS\system32\mmcfxcommon.dll

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 397312 ---- 13 days old -- C:\WINDOWS\system32\mmcex.dll

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 184320 ---- 13 days old -- C:\WINDOWS\system32\microsoft.managementconsole.dll

31/10/2008 12:42:42 -- 14/04/2008 17:04:41 86016 ---- 13 days old -- C:\WINDOWS\system32\mdmxsdk.dll

31/10/2008 12:42:33 -- 14/04/2008 17:04:40 61440 ---- 13 days old -- C:\WINDOWS\system32\kmsvc.dll

31/10/2008 12:42:33 -- 14/04/2008 17:04:40 37376 ---- 13 days old -- C:\WINDOWS\system32\l2gpstore.dll

31/10/2008 12:42:26 -- 14/04/2008 17:04:47 9728 ---- 13 days old -- C:\WINDOWS\system32\rwnh.dll

31/10/2008 12:42:26 -- 14/04/2008 16:46:22 1950 ---- 13 days old -- C:\WINDOWS\system32\pid.inf

31/10/2008 12:42:26 -- 14/04/2008 17:04:48 10752 ---- 13 days old -- C:\WINDOWS\system32\smtpapi.dll

31/10/2008 12:42:23 -- 13/04/2008 19:43:32 9728 ---- 13 days old -- C:\WINDOWS\system32\comsdupd.exe

31/10/2008 12:42:19 -- 14/04/2008 17:04:38 32285 ---- 13 days old -- C:\WINDOWS\system32\hsfcisp2.dll

31/10/2008 12:42:12 -- 14/04/2008 17:05:06 20992 ---- 13 days old -- C:\WINDOWS\system32\faxpatch.exe

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 33280 ---- 13 days old -- C:\WINDOWS\system32\eapsvc.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 126976 ---- 13 days old -- C:\WINDOWS\system32\eappcfg.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 30720 ---- 13 days old -- C:\WINDOWS\system32\eapolqec.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 180224 ---- 13 days old -- C:\WINDOWS\system32\eapphost.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 58880 ---- 13 days old -- C:\WINDOWS\system32\eapqec.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 184832 ---- 13 days old -- C:\WINDOWS\system32\eapp3hst.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 40960 ---- 13 days old -- C:\WINDOWS\system32\eappprxy.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 94208 ---- 13 days old -- C:\WINDOWS\system32\eappgnui.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 56320 ---- 13 days old -- C:\WINDOWS\system32\dot3msm.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 9216 ---- 13 days old -- C:\WINDOWS\system32\dot3dlg.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 132608 ---- 13 days old -- C:\WINDOWS\system32\dot3svc.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 26112 ---- 13 days old -- C:\WINDOWS\system32\dot3api.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 651264 ---- 13 days old -- C:\WINDOWS\system32\dot3ui.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 59392 ---- 13 days old -- C:\WINDOWS\system32\dot3cfg.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 39936 ---- 13 days old -- C:\WINDOWS\system32\dot3gpclnt.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 48640 ---- 13 days old -- C:\WINDOWS\system32\dhcpqec.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 19456 ---- 13 days old -- C:\WINDOWS\system32\dimsntfy.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 39936 ---- 13 days old -- C:\WINDOWS\system32\dimsroam.dll

31/10/2008 12:42:04 -- 14/04/2008 17:04:35 12800 ---- 13 days old -- C:\WINDOWS\system32\credssp.dll

31/10/2008 12:42:01 -- 14/04/2008 17:04:35 7168 ---- 13 days old -- C:\WINDOWS\system32\bitsprx4.dll

31/10/2008 12:42:00 -- 14/04/2008 17:04:35 233472 ---- 13 days old -- C:\WINDOWS\system32\azroles.dll

31/10/2008 12:41:59 -- 14/04/2008 17:05:25 23040 ---- 13 days old -- C:\WINDOWS\system32\ativmvxx.ax

31/10/2008 12:41:59 -- 14/04/2008 17:05:25 9728 ---- 13 days old -- C:\WINDOWS\system32\ativdaxx.ax

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 32768 ---- 13 days old -- C:\WINDOWS\system32\ativtmxx.dll

31/10/2008 12:41:58 -- 14/04/2008 17:04:35 377984 ---- 13 days old -- C:\WINDOWS\system32\ati2dvaa.dll

31/10/2008 12:41:58 -- 14/04/2008 17:04:35 870784 ---- 13 days old -- C:\WINDOWS\system32\ati3d1ag.dll

21/10/2008 19:52:25 -- 26/02/2008 10:04:10 114054 ---A 22 days old -- C:\WINDOWS\system32\iidxpos.bmp

21/10/2008 19:52:25 -- 26/02/2008 10:04:08 114054 ---A 22 days old -- C:\WINDOWS\system32\iidxts.bmp

21/10/2008 19:52:25 -- 22/02/2008 15:52:06 151856 ---A 22 days old -- C:\WINDOWS\system32\iidxcard.bmp

21/10/2008 19:52:25 -- 22/02/2008 15:52:06 114056 ---A 22 days old -- C:\WINDOWS\system32\iidxtel.bmp

21/10/2008 19:52:25 -- 26/02/2008 10:04:10 114054 ---A 22 days old -- C:\WINDOWS\system32\iidxsith.bmp

21/10/2008 19:52:25 -- 22/02/2008 15:52:06 54512 ---A 22 days old -- C:\WINDOWS\system32\iidxcmt.exe

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 107760 ---A 22 days old -- C:\WINDOWS\system32\iidplg.dll

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 147456 ---A 22 days old -- C:\WINDOWS\system32\iidcsp.dll

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 509168 ---A 22 days old -- C:\WINDOWS\system32\iidxadm.exe

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 487424 ---A 22 days old -- C:\WINDOWS\system32\iidp11.dll

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 74992 ---A 22 days old -- C:\WINDOWS\system32\iid.exe

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 724992 ---A 22 days old -- C:\WINDOWS\system32\iid.dll

27/05/2007 17:02:29 -- 15/10/2008 17:38:27 337408 ---A 29 days old -- C:\WINDOWS\system32\netapi32.dll

---- recent files in C:\WINDOWS\system32\drivers09/08/2008 20:17:31 -- 12/11/2008 22:37:33 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers\etc

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 85969 ---A 1 days old -- C:\WINDOWS\system32\drivers\gmer.sys

09/11/2008 20:11:13 -- 22/10/2008 16:10:22 15504 ---A 3 days old -- C:\WINDOWS\system32\drivers\mbam.sys

09/11/2008 20:11:10 -- 22/10/2008 16:10:38 38496 ---A 3 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:42 11935 ---- 13 days old -- C:\WINDOWS\system32\drivers\wadv11nt.sys

31/10/2008 12:43:56 -- 13/04/2008 19:43:55 14208 ---- 13 days old -- C:\WINDOWS\system32\drivers\wacompen.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:46 22271 ---- 13 days old -- C:\WINDOWS\system32\drivers\watv06nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:42 11871 ---- 13 days old -- C:\WINDOWS\system32\drivers\wadv09nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:40 11295 ---- 13 days old -- C:\WINDOWS\system32\drivers\wadv08nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:40 11807 ---- 13 days old -- C:\WINDOWS\system32\drivers\wadv07nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:46 25471 ---- 13 days old -- C:\WINDOWS\system32\drivers\watv10nt.sys

31/10/2008 12:43:54 -- 13/04/2008 19:36:40 42240 ---- 13 days old -- C:\WINDOWS\system32\drivers\viaagp.sys

31/10/2008 12:43:53 -- 14/04/2008 17:04:53 11325 ---- 13 days old -- C:\WINDOWS\system32\drivers\vchnt5.dll

31/10/2008 12:43:51 -- 13/04/2008 19:46:20 121984 ---- 13 days old -- C:\WINDOWS\system32\drivers\usbvideo.sys

31/10/2008 12:43:50 -- 13/04/2008 19:56:49 12800 ---- 13 days old -- C:\WINDOWS\system32\drivers\usb8023x.sys

31/10/2008 12:43:47 -- 13/04/2008 19:36:40 44672 ---- 13 days old -- C:\WINDOWS\system32\drivers\uagp35.sys

31/10/2008 12:43:29 -- 13/04/2008 19:36:34 5888 ---- 13 days old -- C:\WINDOWS\system32\drivers\smbali.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:46 13240 ---- 13 days old -- C:\WINDOWS\system32\drivers\slwdmsup.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:44 404990 ---- 13 days old -- C:\WINDOWS\system32\drivers\slntamr.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:42 129535 ---- 13 days old -- C:\WINDOWS\system32\drivers\slnt7554.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:46 95424 ---- 13 days old -- C:\WINDOWS\system32\drivers\slnthal.sys

31/10/2008 12:43:27 -- 13/04/2008 19:36:39 40960 ---- 13 days old -- C:\WINDOWS\system32\drivers\sisagp.sys

31/10/2008 12:43:27 -- 14/04/2008 17:04:48 3901 ---- 13 days old -- C:\WINDOWS\system32\drivers\siint5.dll

31/10/2008 12:43:25 -- 13/04/2008 19:40:48 10240 ---- 13 days old -- C:\WINDOWS\system32\drivers\sffp_mmc.sys

31/10/2008 12:43:20 -- 03/08/2004 22:29:52 166912 ---- 13 days old -- C:\WINDOWS\system32\drivers\s3gnbm.sys

31/10/2008 12:43:17 -- 13/04/2008 19:46:32 59136 ---- 13 days old -- C:\WINDOWS\system32\drivers\rfcomm.sys

31/10/2008 12:43:17 -- 13/04/2008 19:56:49 30592 ---- 13 days old -- C:\WINDOWS\system32\drivers\rndismpx.sys

31/10/2008 12:43:15 -- 03/08/2004 22:41:40 13776 ---- 13 days old -- C:\WINDOWS\system32\drivers\recagent.sys

31/10/2008 12:43:06 -- 03/08/2004 22:29:56 1897408 ---- 13 days old -- C:\WINDOWS\system32\drivers\nv4_mini.sys

31/10/2008 12:43:05 -- 03/08/2004 22:41:40 180360 ---- 13 days old -- C:\WINDOWS\system32\drivers\ntmtlfax.sys

31/10/2008 12:43:02 -- 17/07/2004 11:35:00 67866 ---- 13 days old -- C:\WINDOWS\system32\drivers\netwlan5.img

31/10/2008 12:42:59 -- 03/08/2004 22:29:38 452736 ---- 13 days old -- C:\WINDOWS\system32\drivers\mtxparhm.sys

31/10/2008 12:42:59 -- 13/04/2008 19:43:55 12672 ---- 13 days old -- C:\WINDOWS\system32\drivers\mutohpen.sys

31/10/2008 12:42:58 -- 03/08/2004 22:41:40 126686 ---- 13 days old -- C:\WINDOWS\system32\drivers\mtlmnt5.sys

31/10/2008 12:42:58 -- 03/08/2004 22:41:38 1309184 ---- 13 days old -- C:\WINDOWS\system32\drivers\mtlstrm.sys

31/10/2008 12:42:42 -- 03/08/2004 22:41:56 11868 ---- 13 days old -- C:\WINDOWS\system32\drivers\mdmxsdk.sys

31/10/2008 12:42:24 -- 13/04/2008 19:45:34 46592 ---- 13 days old -- C:\WINDOWS\system32\drivers\irbus.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:56 1041536 ---- 13 days old -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:48 220032 ---- 13 days old -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:50 685056 ---- 13 days old -- C:\WINDOWS\system32\drivers\hsfcxts2.sys

31/10/2008 12:42:18 -- 14/04/2008 16:38:04 25600 ---- 13 days old -- C:\WINDOWS\system32\drivers\hidbth.sys

31/10/2008 12:42:18 -- 13/04/2008 19:45:26 19200 ---- 13 days old -- C:\WINDOWS\system32\drivers\hidir.sys

31/10/2008 12:42:16 -- 13/04/2008 19:36:40 46464 ---- 13 days old -- C:\WINDOWS\system32\drivers\gagp30kx.sys

31/10/2008 12:42:05 -- 17/07/2004 22:55:24 129045 ---- 13 days old -- C:\WINDOWS\system32\drivers\cxthsfs2.cty

31/10/2008 12:42:02 -- 14/04/2008 17:04:35 15423 ---- 13 days old -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll

31/10/2008 12:42:01 -- 13/04/2008 19:46:33 17024 ---- 13 days old -- C:\WINDOWS\system32\drivers\bthenum.sys

31/10/2008 12:42:01 -- 13/04/2008 19:51:34 101120 ---- 13 days old -- C:\WINDOWS\system32\drivers\bthpan.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:29 18944 ---- 13 days old -- C:\WINDOWS\system32\drivers\bthusb.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:31 36480 ---- 13 days old -- C:\WINDOWS\system32\drivers\bthprint.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:33 37888 ---- 13 days old -- C:\WINDOWS\system32\drivers\bthmodem.sys

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 21183 ---- 13 days old -- C:\WINDOWS\system32\drivers\atv01nt5.dll

31/10/2008 12:41:59 -- 03/08/2004 22:29:32 31744 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinxbxx.sys

31/10/2008 12:41:59 -- 17/07/2004 11:36:24 64352 ---- 13 days old -- C:\WINDOWS\system32\drivers\ativmc20.cod

31/10/2008 12:41:59 -- 03/08/2004 22:29:32 63488 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinxsxx.sys

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 17279 ---- 13 days old -- C:\WINDOWS\system32\drivers\atv10nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 11359 ---- 13 days old -- C:\WINDOWS\system32\drivers\atv02nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 25471 ---- 13 days old -- C:\WINDOWS\system32\drivers\atv04nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 14143 ---- 13 days old -- C:\WINDOWS\system32\drivers\atv06nt5.dll

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 14336 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinpdxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 52224 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinraxx.sys

31/10/2008 12:41:58 -- 04/08/2004 01:07:44 327040 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati2mtaa.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 104960 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinrvxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 13824 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinmdxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 73216 ---- 13 days old -- C:\WINDOWS\system32\drivers\atintuxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 28672 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinsnxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 13824 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinttxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:28 57856 ---- 13 days old -- C:\WINDOWS\system32\drivers\atinbtxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 63663 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1rvxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 30671 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1raxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 11615 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1mdxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 26367 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1snxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 12047 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1pdxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 34735 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1xsxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 29455 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1xbxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 21343 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1ttxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 36463 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1tuxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 56623 ---- 13 days old -- C:\WINDOWS\system32\drivers\ati1btxx.sys

31/10/2008 12:41:54 -- 13/04/2008 19:36:38 42752 ---- 13 days old -- C:\WINDOWS\system32\drivers\alim1541.sys

31/10/2008 12:41:54 -- 13/04/2008 19:36:39 43008 ---- 13 days old -- C:\WINDOWS\system32\drivers\amdagp.sys

31/10/2008 12:41:52 -- 13/04/2008 19:36:39 44928 ---- 13 days old -- C:\WINDOWS\system32\drivers\agpcpq.sys

31/10/2008 12:41:52 -- 13/04/2008 19:36:38 42368 ---- 13 days old -- C:\WINDOWS\system32\drivers\agp440.sys

31/10/2008 12:41:52 -- 14/04/2008 17:04:35 3775 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv11nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3615 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv05nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3647 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv07nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3967 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv02nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3711 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv09nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3135 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv08nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 4255 ---- 13 days old -- C:\WINDOWS\system32\drivers\adv01nt5.dll

27/05/2007 17:04:54 -- 24/10/2008 12:21:09 455296 ---A 20 days old -- C:\WINDOWS\system32\drivers\mrxsmb.sys

---- recent files in C:\WINDOWS\temp12/11/2008 22:40:36 -- 13/11/2008 16:30:08 255 ---A 0 days old -- C:\WINDOWS\temp\WGAErrLog.txt

---- recent files in C:\Program11/08/2008 21:46:52 -- 13/11/2008 16:30:52 (DIR) ---- 0 days old -- C:\Program\Steam

20/08/2008 11:55:58 -- 13/11/2008 13:16:57 (DIR) ---- 0 days old -- C:\Program\World of Warcraft

09/08/2008 19:47:18 -- 12/11/2008 23:15:11 (DIR) ---- 0 days old -- C:\Program\Mozilla Firefox

09/08/2008 20:32:07 -- 12/11/2008 21:03:56 (DIR) ---- 0 days old -- C:\Program\Delade filer

10/08/2008 17:50:27 -- 10/11/2008 22:24:54 (DIR) ---- 2 days old -- C:\Program\Google

09/11/2008 20:11:09 -- 09/11/2008 20:11:14 (DIR) ---- 3 days old -- C:\Program\Malwarebytes' Anti-Malware

09/11/2008 18:24:57 -- 09/11/2008 18:24:57 (DIR) ---- 3 days old -- C:\Program\Lavasoft

05/11/2008 23:02:59 -- 05/11/2008 23:02:59 (DIR) ---- 7 days old -- C:\Program\JRE

05/11/2008 23:02:55 -- 05/11/2008 23:02:56 (DIR) ---- 7 days old -- C:\Program\OpenOffice.org 3

09/08/2008 19:57:22 -- 05/11/2008 23:02:43 (DIR) ---- 7 days old -- C:\Program\Java

03/11/2008 19:58:47 -- 03/11/2008 21:44:44 (DIR) ---- 9 days old -- C:\Program\Fighters

03/11/2008 19:42:00 -- 03/11/2008 19:42:00 (DIR) ---- 9 days old -- C:\Program\Trend Micro

09/08/2008 18:54:55 -- 01/11/2008 16:09:48 (DIR) ---- 12 days old -- C:\Program\Messenger

01/11/2008 14:28:42 -- 01/11/2008 14:32:25 (DIR) ---- 12 days old -- C:\Program\PPLive

31/10/2008 19:22:55 -- 31/10/2008 19:22:55 (DIR) ---- 12 days old -- C:\Program\xerox

31/10/2008 19:22:53 -- 31/10/2008 19:22:53 (DIR) ---- 12 days old -- C:\Program\msn gaming zone

31/10/2008 19:22:50 -- 31/10/2008 19:22:50 (DIR) ---- 12 days old -- C:\Program\microsoft frontpage

09/08/2008 18:51:53 -- 31/10/2008 19:12:40 (DIR) ---- 12 days old -- C:\Program\Movie Maker

09/08/2008 18:51:43 -- 31/10/2008 19:10:05 (DIR) ---- 12 days old -- C:\Program\NetMeeting

09/08/2008 18:50:45 -- 31/10/2008 19:10:01 (DIR) ---- 12 days old -- C:\Program\Windows Media Player

09/08/2008 18:49:41 -- 31/10/2008 19:10:01 (DIR) ---- 12 days old -- C:\Program\Windows NT

09/08/2008 18:51:40 -- 31/10/2008 19:10:00 (DIR) ---- 12 days old -- C:\Program\Outlook Express

20/10/2008 21:21:00 -- 20/10/2008 21:21:00 (DIR) ---- 23 days old -- C:\Program\DirectVobSub

09/08/2008 18:51:31 -- 15/10/2008 05:48:15 (DIR) ---- 29 days old -- C:\Program\Internet Explorer

30/09/2008 17:56:36 -- 14/10/2008 15:33:35 (DIR) ---- 30 days old -- C:\Program\Warcraft III

---- recent files in C:\Program\Delade filer10/08/2008 20:01:28 -- 09/11/2008 18:24:37 (DIR) ---- 3 days old -- C:\Program\Delade filer\Wise Installation Wizard

09/08/2008 18:51:35 -- 31/10/2008 19:09:57 (DIR) ---- 12 days old -- C:\Program\Delade filer\System

---- recent files in C:\Documents and Settings\Stefan\Application Data10/08/2008 19:21:49 -- 12/11/2008 23:06:37 (DIR) ---- 0 days old -- C:\Documents and Settings\Stefan\Application Data\uTorrent

10/08/2008 20:57:55 -- 10/11/2008 21:17:17 (DIR) ---- 2 days old -- C:\Documents and Settings\Stefan\Application Data\HLSW

09/11/2008 20:11:16 -- 09/11/2008 20:11:16 (DIR) ---- 3 days old -- C:\Documents and Settings\Stefan\Application Data\Malwarebytes

05/11/2008 23:04:16 -- 05/11/2008 23:04:16 (DIR) ---- 7 days old -- C:\Documents and Settings\Stefan\Application Data\OpenOffice.org

12/08/2008 13:51:30 -- 04/11/2008 16:50:09 (DIR) ---- 9 days old -- C:\Documents and Settings\Stefan\Application Data\Skype

12/08/2008 13:52:32 -- 04/11/2008 16:48:55 (DIR) ---- 9 days old -- C:\Documents and Settings\Stefan\Application Data\skypePM

10/09/2008 18:18:26 -- 03/11/2008 20:44:53 (DIR) ---- 9 days old -- C:\Documents and Settings\Stefan\Application Data\dvdcss

30/09/2008 19:31:10 -- 21/10/2008 19:43:14 (DIR) ---- 22 days old -- C:\Documents and Settings\Stefan\Application Data\iid

03/11/2008 19:57:56 -- 03/11/2008 20:00:42 2668368 ---A 9 days old -- C:\Documents and Settings\Stefan\Application Data\install.txt

---- recent files in C:\Documents and Settings\Stefan\Lokala inställningar\Application Data10/08/2008 17:50:54 -- 10/11/2008 22:25:06 (DIR) ---- 2 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Google

09/08/2008 19:14:37 -- 10/11/2008 22:18:06 (DIR) -S-- 2 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Microsoft

20/08/2008 22:34:39 -- 12/11/2008 23:39:29 18944 ---A 0 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

09/08/2008 20:48:24 -- 05/11/2008 23:08:37 74696 ---A 7 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

09/08/2008 19:21:06 -- 14/10/2008 22:03:03 2109404 H--A 29 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\IconCache.db[/log]

13 november, 2008

[log]===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[run]

"CTHelper"="CTHELPER.EXE"

"CTxfiHlp"="CTXFIHLP.EXE"

"Logitech Utility"="Logi_MwX.Exe"

"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe"

"ehTray"="C:\WINDOWS\ehome\ehtray.exe"

"Adobe Reader Speed Launcher"="\"C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe\""

"NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe"

"cctray"="\"C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe\""

"CAVRID"="\"C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe\""

"DeathAdder"="C:\Program\Razer\DeathAdder\razerhid.exe"

"StartCCC"="\"C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe\" MSRun"

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe"

"QuickTime Task"="\"C:\Program\Multimedia\QuickTime Alternative\QTTask.exe\" -atboottime"

"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

"iTunesHelper"="\"C:\Program\iTunes\iTunesHelper.exe\""

"OM_Monitor"="C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe"

"Net iD"="C:\WINDOWS\system32\iid.exe"

"SunJavaUpdateSched"="\"C:\Program\Java\jre1.6.0_07\bin\jusched.exe\""

[run\OptionalComponents]

@=""

[run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

[run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

@=""

[run\OptionalComponents\MSFS]

"Installed"="1"

@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe\""

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"MsnMsgr"="\"C:\Program\Windows Live\Messenger\MsnMsgr.Exe\" /background"

"Steam"="\"c:\program\steam\steam.exe\" -silent"

"OM_Monitor"="C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart"

"MSMSGS"="\"C:\Program\Messenger\msmsgs.exe\" /background"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]

"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[shellServiceObjectDelayLoad]

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[shellExecuteHooks]

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]

"Shell"="Explorer.exe"

"System"=""

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""

"UIHost"=expand:"logonui.exe"

"LogonType"=dword:00000001

"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]

"@="Wireless"

"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]

"@="Folder Redirection"

"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

"@="Microsoft Diskkvot"

"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]

"@="QoS Packet Scheduler"

"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]

"@="Skript"

"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

"@="Internet Explorer Zonemapping"

"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

"DllName"=expand:"scecli.dll"

"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

"@="Internet Explorer Branding"

"DllName"="iedkcs32.dll"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

"DllName"=expand:"scecli.dll"

"@="EFS recovery"

[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]

"@="802.3 Group Policy"

"DllName"=expand:"dot3gpclnt.dll"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

"@="Microsoft Offline Files"

"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

"@="Programvaruinstallation"

"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]

"@="IP-säkerhet"

"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

[Winlogon\Notify\crypt32chain]

"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]

"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

[Winlogon\Notify\dimsntfy]

"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"

[Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]

"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]

"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]

"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]

"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]

"Hjälpassistent"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"HelpAssistant"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]

"ParseAutoexec"="1"

"ExcludeProfileDirs"="Lokala inställningar;Temporary Internet Files;Tidigare;Temp"

"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[image File Execution Options\Your Image File Name Here without a path]

"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[session Manager]

"BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"

[session Manager\SubSystems]

"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]

"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"

"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[runonceex]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[browser Helper Objects]

[browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

@=""

[browser Helper Objects\{509E4961-BFFC-4F89-AF48-E1844791564D}]

#### HKCR\CLSID\{509E4961-BFFC-4F89-AF48-E1844791564D}\InprocServer32 @="C:\WINDOWS\system32\xmlpsovi.dll"

[browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program\Java\jre1.6.0_07\bin\ssv.dll"

"NoExplorer"=dword:00000001

[browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="C:\Program\Google\Google Toolbar\GoogleToolbar.dll"

[browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll"

[browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

#### HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\InprocServer32 @="C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll"

@="Google Dictionary Compression sdch"

"NoExplorer"=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[urlSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]

@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]

@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]

@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]

@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]

@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]

@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[url\DefaultPrefix]

@="http://"'>http://"'>http://"'>http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]

"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]

"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]

"Name"="Digest"

"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]

"Name"="DPA"

"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]

"Name"="MSN"

"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[sharedAccess]

"DependOnGroup"=multi:"\00"

"DependOnService"=multi:"Netman\00WinMgmt\00\00"

"Description"="Erbjuder översättningar av nätverksadresser, adressering, namnmatchningstjänster och/eller intrångsskyddtjänster för ett hemnätverk eller mindre kontorsnätverk."

"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"

"ErrorControl"=dword:00000001

"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Start"=dword:00000002

"Type"=dword:00000020

[sharedAccess\Epoch]

"Epoch"=dword:00002cf3

[sharedAccess\Parameters]

"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[sharedAccess\Parameters\FirewallPolicy]

[sharedAccess\Parameters\FirewallPolicy\DomainProfile]

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"

"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program\Windows Live\Messenger\livecall.exe"="C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[sharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"

"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"

"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"

"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[sharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=dword:00000001

"DoNotAllowExceptions"=dword:00000000

"DisableNotifications"=dword:00000000

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"

"C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program\Steam\steamapps\stefan.lindxxxxx@xxxxxll.se\counter-strike\hl.exe"="C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Program\HLSW\hlsw.exe"="C:\Program\HLSW\hlsw.exe:*:Enabled:HLSW Application"

"C:\Program\Steam\steamapps\stefan.lindxxxxx@xxxxxll.se\counter-strike source\hl2.exe"="C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike source\hl2.exe:*:Enabled:hl2"

"C:\Program\SopCast\SopCast.exe"="C:\Program\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\Program\SopCast\adv\SopAdver.exe"="C:\Program\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"

"C:\Program\World of Warcraft\BackgroundDownloader.exe"="C:\Program\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program\Steam\Steam.exe"="C:\Program\Steam\Steam.exe:*:Enabled:Steam"

"C:\Documents and Settings\Stefan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Stefan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"

"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program\Windows Live\Messenger\livecall.exe"="C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program\PPLive\PPLive.exe"="C:\Program\PPLive\PPLive.exe:*:Enabled:PPLive"

"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[sharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"

"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"

"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"

"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"

"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"

"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"

"3724:TCP"="3724:TCP:*:Enabled:Blizzard Downloader: 3724"

[sharedAccess\Setup]

"ServiceUpgrade"=dword:00000001

[sharedAccess\Setup\InterfacesUnfirewalledAtUpdate]

"{B86605A7-3F41-4E2D-AEBB-0FCDF865F064}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]

"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00, "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00, "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00, "EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]

"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"

"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"

"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"

"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]

"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[security Center]

"FirstRunDisabled"=dword:00000001

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

[security Center\Monitoring]

[security Center\Monitoring\AhnlabAntiVirus]

[security Center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[security Center\Monitoring\KasperskyAntiVirus]

[security Center\Monitoring\McAfeeAntiVirus]

[security Center\Monitoring\McAfeeFirewall]

[security Center\Monitoring\PandaAntiVirus]

[security Center\Monitoring\PandaFirewall]

[security Center\Monitoring\SophosAntiVirus]

[security Center\Monitoring\SymantecAntiVirus]

[security Center\Monitoring\SymantecFirewall]

[security Center\Monitoring\TinyFirewall]

[security Center\Monitoring\TrendAntiVirus]

[security Center\Monitoring\TrendFirewall]

[security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[systemRestore]

"DisableSR"=dword:00000000

"CreateFirstRunRp"=dword:00000001

"DSMin"=dword:000000c8

"DSMax"=dword:00000190

"RPSessionInterval"=dword:00000000

"RPGlobalInterval"=dword:00015180

"RPLifeInterval"=dword:0076a700

"CompressionBurst"=dword:0000003c

"TimerInterval"=dword:00000078

"DiskPercent"=dword:0000000c

"ThawInterval"=dword:00000384

"RestoreDiskSpaceError"=dword:00000000

[systemRestore\Cfg]

"DiskPercent"=dword:0000000c

"MachineGuid"="{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}"

[systemRestore\SnapshotCallbacks]

@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

[AdvancedOptions\TABS]

"Text"="Tabbed Browsing"

[AdvancedOptions\TABS\ENABLE]

"Text"="Enable Tabbed Browsing*"

[AdvancedOptions\TABS\FOREGROUND]

"Text"="Always switch to new tabs when they are created"

[AdvancedOptions\TABS\POPUPS]

"Text"="Always open pop-ups in a new window"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[installed Components]

[installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

"@="IE7 Uninstall Stub"

"ComponentID"="IEUDINIT"

"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"

"@="Microsoft Windows Media Player"

"ComponentID"="WMPACCESS"

[installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

"@="Internet Explorer"

"ComponentID"="IEACCESS"

"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

"@="Anpassningar av webbläsaren"

"ComponentID"="BRANDING.CAB"

"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

"@="Outlook Express"

"ComponentID"="OEACCESS"

"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[installed Components\Microsoft Base Smart Card Crypto Provider Package]

[installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]

"@="Java (Sun)"

"ComponentID"="JAVAVM"

"KeyFileName"="C:\Program\Java\jre1.6.0_07\bin\regutils.dll"

[installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]

"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"

"ComponentID"="KB922770"

[installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]

"@="Rendering av vektorgrafik"

"ComponentID"="MSVML"

[installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]

#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"

"@="Macromedia Shockwave Director 10.1"

"ComponentID"="Director"

[installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]

#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"ComponentID"="NetShow"

"StubPath"=""

[installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"

"ComponentID"="Microsoft Windows Media Player"

"StubPath"=""

"@="Microsoft Windows Media Player 6.4"

[installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]

#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll"

"@="Macromedia Shockwave Director 10.1.3"

"ComponentID"="Director"

[installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]

#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"

"@="DirectAnimation"

"ComponentID"="DirectAnimation"

[installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]

"@="Macromedia Shockwave Director 10.1"

"ComponentID"="Director"

[installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

"@="Themes Setup"

"ComponentID"="Theme Component"

"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]

"@="Databindning för dynamisk HTML för Java"

"ComponentID"="TridataJava"

[installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]

"@="Offline Browsing Pack"

"ComponentID"="MobilePk"

[installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]

"@="Uniscribe"

"ComponentID"="USP10"

[installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]

"ComponentID"="S867460"

"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]

"@="Avancerad redigering"

"ComponentID"="AdvAuth"

[installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"@="Microsoft Outlook Express 6"

"ComponentID"="MailNews"

"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

"@="NetMeeting 3.01"

"ComponentID"="NetMeeting"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]

"@="DirectShow"

"ComponentID"="activemovie"

[installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]

"@="DirectDrawEx"

"ComponentID"="DirectDrawEx"

[installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]

"@="Internet Explorer Help"

"ComponentID"="HelpCont"

[installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]

"@="Javaklasser för DirectAnimation"

"ComponentID"="DAJava"

[installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]

"@="Microsoft Windows Script 5.7"

"ComponentID"="MSVBScript"

[installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

"KeyFileName"="C:\Program\Messenger\msmsgs.exe"

"@="Windows Messenger 4.7"

"ComponentID"="Messenger"

[installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]

"(Default)"="Internet Connection Wizard"

"ComponentID"="ICW"

[installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

"@="Internet Explorer Setup Tools"

"ComponentID"="GenSetup"

[installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]

"@="Browsing Enhancements"

"ComponentID"="ExtraPack"

"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"

"@="Microsoft Windows Media Player"

"ComponentID"="Microsoft Windows Media Player"

"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]

"@="MSN Site Access"

"ComponentID"="MSN_Auth"

[installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]

"ComponentID"=".NETFramework"

"@=".NET Framework"

[installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]

"@="Web Folders"

"ComponentID"="WebFolders"

[installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"@="Adressbok 6"

"ComponentID"="WAB"

"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

"@="Uppdatering av Windows-skrivbordet"

"ComponentID"="IE4Shell_NT"

"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

"@="Internet Explorer"

"ComponentID"="BASEIE40_W2K"

"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

"ComponentID"="DOTNETFRAMEWORKS"

"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]

"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

"ComponentID"="M928366"

[installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]

"@="Dynamic HTML Data Binding"

"ComponentID"="Tridata"

[installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]

"@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"

"ComponentID"="KB917283"

[installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]

"@="Internet Explorer Core Fonts"

"ComponentID"="Fontcore"

[installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]

"ComponentID"=".NETFramework"

"@=".NET Framework"

[installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]

"@="Schemaläggaren"

"ComponentID"="MSTASK"

[installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]

"ComponentID"="Windows Movie Maker v2.1"

[installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

"@="Adobe Flash Player"

"ComponentID"="Flash"

[installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]

"@="HTML Help"

"ComponentID"="HTMLHelp"

[installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

"@="Active Directory Service Interface"

"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical

-----Comparing registry keys CCS1 vs CCS3 -----

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {CDC10F34-2097-410E-832B-97B4FDE72FA0} REG_BINARY 0F00000000000000070000000000000082991D4952503631347634000600000000000000040000000000000082991D49C0A801010300000000000000040000000000000082991D49C0A801010100000000000000040000000000000082991D49FFFFFF003600000000000000040000000000000082991D49C0A801013500000000000000010000000000000082991D4905000000FC000000000000000000000000000000B5481C493300000000000000040000000000000082991D4900015180

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {CDC10F34-2097-410E-832B-97B4FDE72FA0} REG_BINARY 0F00000000000000070000000000000082991D4952503631347634000600000000000000040000000000000082991D49C0A801010300000000000000040000000000000082991D49C0A801010100000000000000040000000000000082991D49FFFFFF003300000000000000040000000000000082991D49000151803600000000000000040000000000000082991D49C0A801013500000000000000010000000000000082991D4905000000

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data

< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11507 (0x2CF3)

> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11505 (0x2CF1)

Result compared: Different[/log]

13 november, 2008

[log]===================== Advanced startup entries analysis =====================

HKLM\SOFTWARE\Microsoft\windows\currentversion\run

CTHelper = CTHELPER.EXE

C:\WINDOWS\CTHELPER.EXE -- 09/08/2008 20:26:06 -- 11/08/2006 14:56:02 -- 17920

MD5: 866346f3d82f0ca2c7d80aff41a6e1d3 SHA1: 57432af73d201de58d63d3be54e81305482091f8

[1] .text [2] .data [3] .rsrc

CTxfiHlp = CTXFIHLP.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE -- 09/08/2008 20:26:06 -- 17/08/2006 11:32:10 -- 18944

MD5: 664f06b3247f164094dacf91d018d0f6 SHA1: 7acc023aed9caabe97c5884c1d9d51c012297d8b

[1] .text [2] .data [3] .rsrc

Logitech Utility = Logi_MwX.Exe

C:\WINDOWS\Logi_MwX.Exe -- 09/08/2008 20:28:17 -- 11/12/2003 09:50:00 -- 20992

MD5: c921a733fa3f1e4c3505d436dbc5ea47 SHA1: 63f0cb1d5045dd8247462b96df74c29349ed3dd9

[1] .text [2] .rdata [3] .data [4] .rsrc

VistaDrive = C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe -- 09/08/2008 18:50:12 -- 05/10/2006 19:56:28 -- 280779

MD5: 6e15cac2275e0b0a22e7ee9bac30d7ba SHA1: 73907693e9e3009226aa0f062b0d139d59c445ce

[1] UPX0 [2] UPX1 [3] .rsrc

ehTray = C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ehome\ehtray.exe -- 09/08/2008 19:22:27 -- 10/08/2004 03:04:42 -- 59392

MD5: f90137a9897071ede961a5aba4ea524f SHA1: 691d35944591ec738c0d1d8af8cb471a3260357b

[1] .text [2] .data [3] .rsrc

Adobe Reader Speed Launcher = "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe -- 11/05/2007 08:06:32 -- 11/05/2007 08:06:32 -- 40048

MD5: 66d4456c920e21bd2188f8cc33680df5 SHA1: 176454fe4c75882566cf7f67016089b5ebe4ab8a

[1] .text [2] .rdata [3] .data [4] .rsrc

NeroFilterCheck = C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

C:\Program\Delade filer\Nero\Lib\NeroCheck.exe -- 01/03/2007 13:57:24 -- 01/03/2007 13:57:24 -- 153136

MD5: 8112d0dacae746290fc87b3a980fa719 SHA1: a4f07b84a46646e23c452b0032dd50705d1eae69

[1] .text [2] .rdata [3] .data [4] .rsrc

cctray = "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe -- 10/08/2008 18:22:47 -- 16/08/2007 21:25:10 -- 177416

MD5: ff38160975536a5e8d1d9e7222373a1b SHA1: 32171d2b5c6c815037729197597be434ce18d413

[1] .text [2] .rdata [3] .data [4] .rsrc

CAVRID = "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe -- 10/08/2008 18:22:51 -- 20/08/2007 12:42:56 -- 230664

MD5: d4c3701136c0ca7160c7131501a8efdf SHA1: 395d441ea1dd565aa3e1ab662ce52459e22fb671

[1] .text [2] .rdata [3] .data [4] .rsrc

DeathAdder = C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Razer\DeathAdder\razerhid.exe -- 10/08/2008 21:14:55 -- 07/09/2007 14:54:54 -- 159744

MD5: ee3d9986f75fb4239050f341348c2ff6 SHA1: 1597ea23a463175ec9a1e1e44ccfc258d4636762

[1] .text [2] .rdata [3] .data [4] .rsrc

StartCCC = "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- 21/01/2008 11:17:18 -- 21/01/2008 11:17:18 -- 61440

MD5: e1e71d80d078c576801b6fe2a29fcf85 SHA1: a51c185ad6dc9e396d259c4ddfd270afddaf5a11

[1] .text [2] .rdata [3] .data [4] .rsrc

SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Analog Devices\Core\smax4pnp.exe -- 11/08/2008 11:13:56 -- 14/10/2004 13:42:54 -- 1404928

MD5: 10247c15d999cc116c87da36bd0ad64d SHA1: 5b2fdec5a4992df66e311febb1f5e651f7ba25b4

[1] .text [2] .rdata [3] .data [4] .rsrc

QuickTime Task = "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

C:\Program\Multimedia\QuickTime Alternative\QTTask.exe -- 27/05/2008 09:50:30 -- 27/05/2008 09:50:30 -- 413696

MD5: f34eb5d4f145ed5fe50033ca3a41ed24 SHA1: 747f858f6012944523a8a1dcd813360a536c4efd

[1] .text [2] .rdata [3] .data [4] .rsrc [5] .reloc

AppleSyncNotifier = C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe -- 22/07/2008 19:42:24 -- 22/07/2008 19:42:24 -- 116040

MD5: 0bbc0204478194e404df71b7a3e3fc22 SHA1: a540fc8fe10fad1dcbf8f98b6213cc298e0376c6

[1] .text [2] .rdata [3] .data [4] .rsrc

iTunesHelper = "C:\Program\iTunes\iTunesHelper.exe"

C:\Program\iTunes\iTunesHelper.exe -- 30/07/2008 09:47:56 -- 30/07/2008 09:47:56 -- 289064

MD5: 4ced92963f453eb8dcfe67fd4248d657 SHA1: 488fe52de059d8cf3668e009080d641a05e441a5

[1] .text [2] .rdata [3] .data [4] .rsrc [5] .reloc

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe -- 16/05/2006 16:50:00 -- 16/05/2006 16:50:00 -- 40960

MD5: 04d8a71af6939a9fc1a9a1cef661a4d6 SHA1: 8be76d29b099bee001e130f9e695804340816216

[1] .text [2] .rdata [3] .data [4] .rsrc

Net iD = C:\WINDOWS\system32\iid.exe

C:\WINDOWS\system32\iid.exe -- 21/10/2008 19:52:24 -- 22/02/2008 15:52:06 -- 74992

MD5: dc1e3df3f3946ebb87f473ac1317f878 SHA1: afd9ce1e8961c21fdd3b91d6798051ad9372e5f8

[1] .text [2] .rdata [3] .data [4] .rsrc

SunJavaUpdateSched = "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

C:\Program\Java\jre1.6.0_07\bin\jusched.exe -- 05/11/2008 23:02:19 -- 10/06/2008 04:27:04 -- 144784

MD5: 6ab4c021fbd36dc6764924c312428d97 SHA1: 89a5f92cda6b7e72336517de1e67612f85956365

[1] .text [2] .rdata [3] .data [4] .rsrc

HKCU\SOFTWARE\Microsoft\windows\currentversion\run

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe -- 23/10/2007 13:18:46 -- 23/10/2007 13:18:46 -- 202024

MD5: 7bf2d3a10da0149a5b95261bd000c68f SHA1: c0c78b928842bc739976cfb5c397e5874f612dc4

[1] .text [2] .rdata [3] .data [4] .rsrc

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ctfmon.exe -- 04/08/2004 06:34:16 -- 14/04/2008 17:05:02 -- 15360

MD5: 07f27822a1376c2da7f8c7265015cedc SHA1: fa93d393175b3ee7fcccd4e4690869733f9a3864

[1] .text [2] .data [3] .rsrc

swg = C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -- 29/08/2008 21:33:54 -- 29/08/2008 21:33:54 -- 68856

MD5: e616a6a6e91b0a86f2f6217cde835ffe SHA1: edf35bad552fe80897eb3e9b088f00439503a815

[1] .text [2] .rdata [3] .data [4] .rsrc

MsnMsgr = "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

C:\Program\Windows Live\Messenger\MsnMsgr.Exe -- 18/10/2007 10:35:08 -- 18/10/2007 10:35:08 -- 5724184

MD5: a667d5fdb289500cf25c93ca013e363d SHA1: 41b2438625922851f98461d598b48f0de1596b0c

Error Opening File

Steam = "c:\program\steam\steam.exe" -silent

c:\program\steam\steam.exe -- 12/09/2007 16:15:48 -- 18/10/2008 21:43:07 -- 1410296

MD5: e2f041f209d4adda9882778a11eab922 SHA1: 201785f9d0866594212a779ca3de36d065bd635e

[1] .text [2] .rdata [3] .data [4] .rsrc

MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

C:\Program\Messenger\msmsgs.exe -- 31/10/2008 12:42:54 -- 14/04/2008 17:05:13 -- 1695232

MD5: 7ebc8d4646d1afa3637c912f35d3a3ba SHA1: b5d026be671c9f7b214290693f19857fd31ecc2d

Error Opening File

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart NOT FOUND

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Abiosdsk"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

001) "abp480n5"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

002) "ACPI" - Microsoft ACPI Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ACPI.sys

---> TYPE = KERNEL_DRIVER

003) "ACPIEC"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

004) "adpu160m"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

005) "aec" - Microsoft Kernel Acoustic Echo Canceller

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\aec.sys

---> TYPE = KERNEL_DRIVER

006) "AFD" - AFD

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = \SystemRoot\System32\drivers\afd.sys

---> TYPE = KERNEL_DRIVER

007) "Aha154x"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

008) "aic78u2"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

009) "aic78xx"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

010) "AliIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

011) "amsint"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

012) "Arp1394" - 1394 ARP-klientprotokoll

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\arp1394.sys

---> TYPE = KERNEL_DRIVER

013) "asc"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

014) "asc3350p"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

015) "asc3550"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

016) "AsyncMac" - RAS Asynchronous Media Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\asyncmac.sys

---> TYPE = KERNEL_DRIVER

017) "atapi" - Standard-IDE/ESDI-hårddiskstyrenhet

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\atapi.sys

---> TYPE = KERNEL_DRIVER

018) "Atdisk"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

019) "ati2mtag"

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ati2mtag.sys

---> TYPE = KERNEL_DRIVER

020) "Atmarpc" - ATM ARP Client Protocol

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\atmarpc.sys

---> TYPE = KERNEL_DRIVER

021) "audstub" - Ljud-stub-drivrutin

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\audstub.sys

---> TYPE = KERNEL_DRIVER

022) "b57w2k" - Broadcom NetXtreme Gigabit Ethernet

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\b57xp32.sys

---> TYPE = KERNEL_DRIVER

023) "Beep"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

024) "BLKWGU(Belkin)" - Belkin Wireless G USB Network Adapter(Belkin)

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\BLKWGU.sys

---> TYPE = KERNEL_DRIVER

025) "catchme"

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\DOCUME~1\Stefan\LOKALA~1\Temp\catchme.sys

---> TYPE = KERNEL_DRIVER

026) "cbidf2k"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

027) "cd20xrnt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

028) "Cdaudio"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

029) "Cdfs"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

030) "cdrbsdrv"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

031) "Cdrom" - CD-ROM-drivrutin

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\cdrom.sys

---> TYPE = KERNEL_DRIVER

032) "Changer"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

033) "CmdIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

034) "Cpqarray"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

035) "ctac32k" - Creative AC3 Software Decoder

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ctac32k.sys

---> TYPE = KERNEL_DRIVER

036) "ctaud2k" - Creative Audio Driver (WDM)

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ctaud2k.sys

---> TYPE = KERNEL_DRIVER

037) "ctdvda2k" - Creative DVD-Audio Device Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\ctdvda2k.sys

---> TYPE = KERNEL_DRIVER

038) "ctprxy2k" - Creative Proxy Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ctprxy2k.sys

---> TYPE = KERNEL_DRIVER

039) "ctsfm2k" - Creative SoundFont Management Device Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ctsfm2k.sys

---> TYPE = KERNEL_DRIVER

040) "dac2w2k"

---> STAT = (RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

041) "dac960nt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

042) "DAdderFltr" - DeathAdder Mouse

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\dadder.sys

---> TYPE = KERNEL_DRIVER

043) "Disk" - Diskdrivrutin

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\disk.sys

---> TYPE = KERNEL_DRIVER

044) "dmboot"

---> STAT = (NOT RUNNING) Disabled

---> FILE = System32\drivers\dmboot.sys

---> TYPE = KERNEL_DRIVER

045) "dmio" - Logical Disk Manager Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\drivers\dmio.sys

---> TYPE = KERNEL_DRIVER

046) "dmload"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = System32\drivers\dmload.sys

---> TYPE = KERNEL_DRIVER

047) "DMusic" - Microsoft Kernel DLS Syntheiszer

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\DMusic.sys

---> TYPE = KERNEL_DRIVER

048) "dpti2o"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

049) "drmkaud" - Microsoft Kernel DRM Audio Descrambler

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\drmkaud.sys

---> TYPE = KERNEL_DRIVER

050) "emupia" - E-mu Plug-in Architecture Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\emupia2k.sys

---> TYPE = KERNEL_DRIVER

051) "Fastfat"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

052) "Fdc" - Drivrutin för diskettstyrenhet

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\fdc.sys

---> TYPE = KERNEL_DRIVER

053) "Fips"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

054) "Flpydisk" - Diskettdrivrutin

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\flpydisk.sys

---> TYPE = KERNEL_DRIVER

055) "FltMgr" - FltMgr

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\drivers\fltmgr.sys

---> TYPE = FILE_SYSTEM_DRIVER

056) "Ftdisk" - Volume Manager Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ftdisk.sys

---> TYPE = KERNEL_DRIVER

057) "gameenum" - Spelportsuppräknare

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\gameenum.sys

---> TYPE = KERNEL_DRIVER

058) "GEARAspiWDM" - GEARAspiWDM

---> STAT = (RUNNING) Started manually

---> FILE = System32\Drivers\GEARAspiWDM.sys

---> TYPE = KERNEL_DRIVER

059) "gmer"

---> STAT = (NOT RUNNING) Started manually

---> FILE = System32\DRIVERS\gmer.sys

---> TYPE = KERNEL_DRIVER

060) "Gpc" - Generic Packet Classifier

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\msgpc.sys

---> TYPE = KERNEL_DRIVER

061) "ha10kx2k" - Creative Hardware Abstract Layer Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ha10kx2k.sys

---> TYPE = KERNEL_DRIVER

062) "hap16v2k" - Creative P16V HAL Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\hap16v2k.sys

---> TYPE = KERNEL_DRIVER

063) "hap17v2k" - Creative P17V HAL Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\hap17v2k.sys

---> TYPE = KERNEL_DRIVER

064) "hidusb" - HID Class Driver

---> STAT = (RUNNING) Started automatically

---> FILE = system32\DRIVERS\hidusb.sys

---> TYPE = KERNEL_DRIVER

065) "hpn"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

066) "HTTP" - HTTP

---> STAT = (RUNNING) Started manually

---> FILE = System32\Drivers\HTTP.sys

---> TYPE = KERNEL_DRIVER

067) "i2omgmt"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

068) "i2omp"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

069) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\i8042prt.sys

---> TYPE = KERNEL_DRIVER

070) "Imapi" - CD-Burning Filter Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\imapi.sys

---> TYPE = KERNEL_DRIVER

071) "ini910u"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

072) "IntelIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

073) "intelppm" - Intel-processordrivrutin

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\intelppm.sys

---> TYPE = KERNEL_DRIVER

074) "Ip6Fw" - IPv6 Windows Firewall Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\ip6fw.sys

---> TYPE = KERNEL_DRIVER

075) "IpFilterDriver" - IP Traffic Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\ipfltdrv.sys

---> TYPE = KERNEL_DRIVER

076) "IpInIp" - IP in IP Tunnel Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\ipinip.sys

---> TYPE = KERNEL_DRIVER

077) "IpNat" - IP Network Address Translator

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ipnat.sys

---> TYPE = KERNEL_DRIVER

078) "IPSec" - IPSEC driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\ipsec.sys

---> TYPE = KERNEL_DRIVER

079) "IRENUM" - Tjänst för IR-uppräkning

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\irenum.sys

---> TYPE = KERNEL_DRIVER

080) "isapnp" - PnP ISA/EISA Bus Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\isapnp.sys

---> TYPE = KERNEL_DRIVER

081) "Kbdclass" - Tangentbordsklassdrivrutin

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\kbdclass.sys

---> TYPE = KERNEL_DRIVER

082) "kbdhid" - HID-drivrutin för tangentbord

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\kbdhid.sys

---> TYPE = KERNEL_DRIVER

083) "kmixer" - Microsoft Kernel-wave-ljudMixer

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\kmixer.sys

---> TYPE = KERNEL_DRIVER

084) "KSecDD"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

085) "L8042Kbd" - Logitech SetPoint Keyboard Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\L8042Kbd.sys

---> TYPE = KERNEL_DRIVER

086) "lbrtfdc"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

087) "LHidFlt2" - Logitech HID/USB Mouse Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\LHidFlt2.Sys

---> TYPE = KERNEL_DRIVER

088) "LHidUsb" - Logitech USB Receiver device driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = System32\Drivers\LHidUsb.Sys

---> TYPE = KERNEL_DRIVER

089) "LMouFlt2" - Logitech Mouse Class Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\LMouFlt2.Sys

---> TYPE = KERNEL_DRIVER

090) "mnmdd"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

091) "Modem"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

092) "Mouclass" - Musklassdrivrutin

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\mouclass.sys

---> TYPE = KERNEL_DRIVER

093) "mouhid" - HID-drivrutin för mus

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mouhid.sys

---> TYPE = KERNEL_DRIVER

094) "MountMgr" - Mount Point Manager

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

095) "mraid35x"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

096) "MRxDAV" - Klientomdirigerare för WebDav

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mrxdav.sys

---> TYPE = FILE_SYSTEM_DRIVER

097) "MRxSmb" - MRXSMB

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\mrxsmb.sys

---> TYPE = FILE_SYSTEM_DRIVER

098) "Msfs"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = FILE_SYSTEM_DRIVER

099) "MSKSSRV" - Tjänstproxy för Microsoft-direktuppspelning

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSKSSRV.sys

---> TYPE = KERNEL_DRIVER

100) "MSPCLOCK" - Klockproxy för Microsoft-direktuppspelning

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSPCLOCK.sys

---> TYPE = KERNEL_DRIVER

101) "MSPQM" - Kvalitetshanteringsproxy för Microsoft-direktuppspelning

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\MSPQM.sys

---> TYPE = KERNEL_DRIVER

102) "mssmbios" - Microsoft System Management BIOS Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\mssmbios.sys

---> TYPE = KERNEL_DRIVER

103) "Mup" - Mup

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = FILE_SYSTEM_DRIVER

104) "NDIS" - NDIS System Driver

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

105) "NdisTapi" - Remote Access NDIS TAPI Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndistapi.sys

---> TYPE = KERNEL_DRIVER

106) "Ndisuio" - NDIS-protokoll för I/O i användarläge

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndisuio.sys

---> TYPE = KERNEL_DRIVER

107) "NdisWan" - Remote Access NDIS WAN Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ndiswan.sys

---> TYPE = KERNEL_DRIVER

108) "NDProxy" - multi:NDIS Proxy\00\00

---> STAT = (RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

109) "NetBIOS" - NetBIOS-gränssnitt

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\netbios.sys

---> TYPE = FILE_SYSTEM_DRIVER

110) "NetBT" - NetBios over Tcpip

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\netbt.sys

---> TYPE = KERNEL_DRIVER

111) "NIC1394" - 1394 Net Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\nic1394.sys

---> TYPE = KERNEL_DRIVER

112) "Npfs"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = FILE_SYSTEM_DRIVER

113) "Ntfs"

---> STAT = (RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

114) "Null"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

115) "NwlnkFlt" - IPX Traffic Filter Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\nwlnkflt.sys

---> TYPE = KERNEL_DRIVER

116) "NwlnkFwd" - IPX Traffic Forwarder Driver

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\nwlnkfwd.sys

---> TYPE = KERNEL_DRIVER

117) "ohci1394" - OHCI-kompatibel IEEE 1394-värdstyrenhet

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\ohci1394.sys

---> TYPE = KERNEL_DRIVER

118) "OMCI" - OMCI

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS

---> TYPE = KERNEL_DRIVER

119) "ossrv" - Creative OS Services Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\ctoss2k.sys

---> TYPE = KERNEL_DRIVER

120) "Parport" - Drivrutin för parallellport

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\parport.sys

---> TYPE = KERNEL_DRIVER

121) "PartMgr" - Partition Manager

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

122) "ParVdm"

---> STAT = (RUNNING) Started automatically

---> TYPE = KERNEL_DRIVER

123) "PCI" - PCI Bus Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\pci.sys

---> TYPE = KERNEL_DRIVER

124) "PCIDump"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

125) "PCIIde"

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\pciide.sys

---> TYPE = KERNEL_DRIVER

126) "Pcmcia"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

127) "PDCOMP"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

128) "PDFRAME"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

129) "PDRELI"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

130) "PDRFRAME"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

131) "perc2"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

132) "perc2hib"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

133) "PptpMiniport" - WAN Miniport (PPTP)

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspptp.sys

---> TYPE = KERNEL_DRIVER

134) "PSched" - QoS Packet Scheduler

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\psched.sys

---> TYPE = KERNEL_DRIVER

135) "Ptilink" - Direct Parallel Link Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\ptilink.sys

---> TYPE = KERNEL_DRIVER

136) "ql1080"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

137) "Ql10wnt"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

138) "ql12160"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

139) "ql1240"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

140) "ql1280"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

141) "RasAcd" - Remote Access Auto Connection Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\rasacd.sys

---> TYPE = KERNEL_DRIVER

142) "Rasl2tp" - WAN Miniport (L2TP)

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\rasl2tp.sys

---> TYPE = KERNEL_DRIVER

143) "RasPppoe" - Remote Access PPPOE Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspppoe.sys

---> TYPE = KERNEL_DRIVER

144) "Raspti" - Direkt parallell

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\raspti.sys

---> TYPE = KERNEL_DRIVER

145) "Rdbss" - Rdbss

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\rdbss.sys

---> TYPE = FILE_SYSTEM_DRIVER

146) "RDPCDD"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = System32\DRIVERS\RDPCDD.sys

---> TYPE = KERNEL_DRIVER

147) "rdpdr" - Terminal Server Device Redirector Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\rdpdr.sys

---> TYPE = KERNEL_DRIVER

148) "RDPWD"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

149) "redbook" - Filterdrivrutin för uppspelning av digitalt CD-ljud

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\redbook.sys

---> TYPE = KERNEL_DRIVER

150) "Secdrv" - Secdrv

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\secdrv.sys

---> TYPE = KERNEL_DRIVER

151) "senfilt"

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\senfilt.sys

---> TYPE = KERNEL_DRIVER

152) "serenum" - Serenum-filterdrivrutin

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\serenum.sys

---> TYPE = KERNEL_DRIVER

153) "Serial" - Drivrutin för seriell port

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\serial.sys

---> TYPE = KERNEL_DRIVER

154) "Sfloppy"

---> STAT = (NOT RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

155) "Simbad"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

156) "smwdm"

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\smwdm.sys

---> TYPE = KERNEL_DRIVER

157) "Sparrow"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

158) "splitter" - Microsoft Kernel Audio Splitter

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\splitter.sys

---> TYPE = KERNEL_DRIVER

159) "sr" - Drivrutin för filter för Systemåterställning

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\sr.sys

---> TYPE = FILE_SYSTEM_DRIVER

160) "Srv" - Srv

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\srv.sys

---> TYPE = FILE_SYSTEM_DRIVER

161) "swenum" - Software Bus Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\swenum.sys

---> TYPE = KERNEL_DRIVER

162) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\drivers\swmidi.sys

---> TYPE = KERNEL_DRIVER

163) "symc810"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

164) "symc8xx"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

165) "sym_hi"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

166) "sym_u3"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

167) "sysaudio" - Microsoft Kernelsystemljudenhet

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\sysaudio.sys

---> TYPE = KERNEL_DRIVER

168) "Tcpip" - TCP/IP Protocol Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\tcpip.sys

---> TYPE = KERNEL_DRIVER

169) "TDPIPE"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

170) "TDTCP"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

171) "TermDD" - Terminal Device Driver

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = system32\DRIVERS\termdd.sys

---> TYPE = KERNEL_DRIVER

172) "TosIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

173) "Udfs"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = FILE_SYSTEM_DRIVER

174) "ultra"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

175) "Update" - Microcode Update Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\update.sys

---> TYPE = KERNEL_DRIVER

176) "usbccgp" - Microsoft USB Generic Parent Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbccgp.sys

---> TYPE = KERNEL_DRIVER

177) "usbehci" - Microsoft USB 2.0 Enhanced Host Controller Miniport Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbehci.sys

---> TYPE = KERNEL_DRIVER

178) "usbhub" - USB2-aktiverat nav

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbhub.sys

---> TYPE = KERNEL_DRIVER

179) "USBSTOR" - Drivrutin för USB-masslagringsenheter

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\USBSTOR.SYS

---> TYPE = KERNEL_DRIVER

180) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\usbuhci.sys

---> TYPE = KERNEL_DRIVER

181) "VD_FileDisk"

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

182) "VET-FILT" - VET File System Filter

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

183) "VET-REC" - VET File System Recognizer

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

184) "VETEBOOT" - VET Boot Scan Engine

---> STAT = (RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

185) "VETEFILE" - VET File Scan Engine

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

186) "VETFDDNT" - VET Floppy Boot Sector Monitor

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

187) "VETMONNT" - VET File Monitor

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> TYPE = KERNEL_DRIVER

188) "VgaSave" - VGA-bildskärmsstyrenhet.

---> STAT = (RUNNING) Started by "IoInitSystem" function

---> FILE = \SystemRoot\System32\drivers\vga.sys

---> TYPE = KERNEL_DRIVER

189) "ViaIde"

---> STAT = (NOT RUNNING) Disabled

---> TYPE = KERNEL_DRIVER

190) "VolSnap"

---> STAT = (RUNNING) Started by operating system loader

---> TYPE = KERNEL_DRIVER

191) "Wanarp" - Remote Access IP ARP Driver

---> STAT = (RUNNING) Started manually

---> FILE = system32\DRIVERS\wanarp.sys

---> TYPE = KERNEL_DRIVER

192) "WDICA"

---> STAT = (NOT RUNNING) Started manually

---> TYPE = KERNEL_DRIVER

193) "wdmaud" - Drivrutin för Microsoft WINMM WDM-ljudkompatibilitet

---> STAT = (RUNNING) Started manually

---> FILE = system32\drivers\wdmaud.sys

---> TYPE = KERNEL_DRIVER

194) "WpdUsb" - WpdUsb

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\wpdusb.sys

---> TYPE = KERNEL_DRIVER

195) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver

---> STAT = (RUNNING) Started by operating system loader

---> FILE = system32\DRIVERS\WudfPf.sys

---> TYPE = KERNEL_DRIVER

196) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector

---> STAT = (NOT RUNNING) Started manually

---> FILE = system32\DRIVERS\wudfrd.sys

---> TYPE = KERNEL_DRIVER

-----HKLM\system\currentcontrolset\services-----

000) "aawservice" - Lavasoft Ad-Aware Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Program\Lavasoft\Ad-Aware\aawservice.exe

---> TYPE = OWN_SERVICE

001) "Alerter" - Alerter

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

002) "ALG" - Application Layer Gateway Service

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\alg.exe

---> TYPE = OWN_SERVICE

003) "Apple Mobile Device" - Apple Mobile Device

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe---> TYPE = OWN_SERVICE

004) "AppMgmt" - Application Management

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

005) "aspnet_state" - ASP.NET State Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

---> TYPE = OWN_SERVICE

006) "Ati HotKey Poller"

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\Ati2evxx.exe

---> TYPE = OWN_SERVICE

007) "ATI Smart" - ATI Smart

---> STAT = (NOT RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\ati2sgag.exe

---> TYPE = OWN_SERVICE

008) "AudioSrv" - Windows Audio

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

009) "bgsvcgen" - B's Recorder GOLD Library General Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\bgsvcgen.exe

---> TYPE = OWN_SERVICE

010) "BITS" - Background Intelligent Transfer Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

011) "Bonjour Service" - Bonjour-tjänst

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Program\Bonjour\mDNSResponder.exe

---> TYPE = OWN_SERVICE

012) "Browser" - Computer Browser

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

013) "CaCCProvSP" - CaCCProvSP

---> STAT = (RUNNING) Started manually

---> FILE = \C:\Program\CA\CA Internet Security Suite\ccprovsp.exe---> TYPE = OWN_SERVICE

014) "CAISafe" - CAISafe

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

---> TYPE = OWN_SERVICE

015) "CiSvc" - Indexing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\cisvc.exe

---> TYPE = SHARE_SERVICE

016) "ClipSrv" - ClipBook

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\clipsrv.exe

---> TYPE = OWN_SERVICE

017) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

---> TYPE = OWN_SERVICE

018) "COMSysApp" - COM+ System Application

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

---> TYPE = OWN_SERVICE

019) "CryptSvc" - Cryptographic Services

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

020) "DcomLaunch" - DCOM Server Process Launcher

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

---> TYPE = SHARE_SERVICE

021) "Dhcp" - DHCP Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

022) "dmadmin" - Logical Disk Manager Administrative Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

---> TYPE = SHARE_SERVICE

023) "dmserver" - Logical Disk Manager

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

024) "Dnscache" - DNS Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService

---> TYPE = SHARE_SERVICE

025) "Dot3svc" - Wired AutoConfig

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc

---> TYPE = SHARE_SERVICE

026) "EapHost" - EAP-tjänsten (Extensible Authentication Protocol)

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs

---> TYPE = SHARE_SERVICE

027) "ERSvc" - Error Reporting Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

028) "Eventlog" - Event Log

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\services.exe

---> TYPE = SHARE_SERVICE

029) "EventSystem" - COM+ Event System

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

030) "FastUserSwitchingCompatibility" - Fast User Switching Compatibility

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

031) "gusvc" - Google Updater Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe---> TYPE = OWN_SERVICE

032) "helpsvc" - Help and Support

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

033) "HidServ" - HID Input Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

034) "hkmsvc" - Health Key and Certificate Management Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

035) "HTTPFilter" - HTTP SSL

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

---> TYPE = SHARE_SERVICE

036) "IDriverT" - InstallDriver Table Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe---> TYPE = OWN_SERVICE

037) "ImapiService" - IMAPI CD-Burning COM Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\imapi.exe

---> TYPE = OWN_SERVICE

038) "iPod Service" - iPod Service

---> STAT = (RUNNING) Started manually

---> FILE = C:\Program\iPod\bin\iPodService.exe

---> TYPE = OWN_SERVICE

039) "lanmanserver" - Server

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

040) "lanmanworkstation" - Workstation

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

041) "LmHosts" - TCP/IP NetBIOS Helper

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

042) "MDM" - Machine Debug Manager

---> STAT = (RUNNING) Started automatically

---> FILE = \C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe---> TYPE = OWN_SERVICE

043) "Messenger" - Messenger

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

044) "mnmsrvc" - NetMeeting Remote Desktop Sharing

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\mnmsrvc.exe

---> TYPE = OWN_SERVICE

045) "MSDTC" - Distributed Transaction Coordinator

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\msdtc.exe

---> TYPE = OWN_SERVICE

046) "MSIServer" - Windows Installer

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\msiexec.exe /V

---> TYPE = SHARE_SERVICE

047) "napagent" - Network Access Protection Agent

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

048) "Nero BackItUp Scheduler 3" - Nero BackItUp Scheduler 3

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

---> TYPE = OWN_SERVICE

049) "NetDDE" - Network DDE

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\netdde.exe

---> TYPE = SHARE_SERVICE

050) "NetDDEdsdm" - Network DDE DSDM

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\netdde.exe

---> TYPE = SHARE_SERVICE

051) "Netlogon" - Net Logon

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

052) "Netman" - Network Connections

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

053) "Nla" - Network Location Awareness (NLA)

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

054) "NMIndexingService" - NMIndexingService

---> STAT = (RUNNING) Started manually

---> FILE = \C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe---> TYPE = OWN_SERVICE

055) "NtLmSsp" - NT LM Security Support Provider

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

056) "NtmsSvc" - Removable Storage

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

057) "odserv" - Microsoft Office Diagnostics Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE---> TYPE = OWN_SERVICE

058) "ose" - Office Source Engine

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE---> TYPE = OWN_SERVICE

059) "PlugPlay" - Plug and Play

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\services.exe

---> TYPE = SHARE_SERVICE

060) "PolicyAgent" - IPSEC Services

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

061) "ProtectedStorage" - Protected Storage

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

062) "RasAuto" - Remote Access Auto Connection Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

063) "RasMan" - Remote Access Connection Manager

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

064) "RDSessMgr" - Remote Desktop Help Session Manager

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\sessmgr.exe

---> TYPE = OWN_SERVICE

065) "RemoteAccess" - Routing and Remote Access

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

066) "RemoteRegistry" - Remote Registry

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

067) "RpcLocator" - Remote Procedure Call (RPC) Locator

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\locator.exe

---> TYPE = OWN_SERVICE

068) "RpcSs" - Remote Procedure Call (RPC)

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost -k rpcss

---> TYPE = SHARE_SERVICE

069) "RSVP" - QoS RSVP

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\rsvp.exe

---> TYPE = OWN_SERVICE

070) "SamSs" - Security Accounts Manager

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\lsass.exe

---> TYPE = SHARE_SERVICE

071) "SCardSvr" - Smart Card

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\SCardSvr.exe

---> TYPE = SHARE_SERVICE

072) "Schedule" - Task Scheduler

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

073) "seclogon" - Secondary Logon Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

074) "SENS" - System Event Notification

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

075) "SharedAccess" - Windows Firewall/Internet Connection Sharing (ICS)

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

076) "ShellHWDetection" - Shell Hardware Detection

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

077) "Spooler" - Print Spooler

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\spoolsv.exe

---> TYPE = OWN_SERVICE

078) "spupdsvc" - Windows Service Pack Installer update service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\spupdsvc.exe

---> TYPE = OWN_SERVICE

079) "srservice" - System Restore Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

080) "SSDPSRV" - SSDP Discovery Service

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

081) "stisvc" - WIA (Windows Image Acquisition)

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc

---> TYPE = SHARE_SERVICE

082) "SwPrv" - MS Software Shadow Copy Provider

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{75D93B30-5390-4053-878F-134D8BABE868}

---> TYPE = OWN_SERVICE

083) "SysmonLog" - Performance Logs and Alerts

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\smlogsvc.exe

---> TYPE = OWN_SERVICE

084) "TapiSrv" - Telephony

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

085) "TermService" - Terminal Services

---> STAT = (RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

---> TYPE = SHARE_SERVICE

086) "Themes" - Themes

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

087) "TlntSvr" - Telnet

---> STAT = (NOT RUNNING) Disabled

---> FILE = C:\WINDOWS\system32\tlntsvr.exe

---> TYPE = OWN_SERVICE

088) "TrkWks" - Distributed Link Tracking Client

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

089) "upnphost" - Universal Plug and Play Device Host

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

090) "UPS" - Uninterruptible Power Supply

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\ups.exe

---> TYPE = OWN_SERVICE

091) "usnjsvc" - Messenger Sharing Folders USN Journal Reader Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Windows Live\Messenger\usnsvc.exe---> TYPE = OWN_SERVICE

092) "VETMSGNT" - VET Message Service

---> STAT = (RUNNING) Started automatically

---> FILE = C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

---> TYPE = OWN_SERVICE

093) "VSS" - Volume Shadow Copy

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\vssvc.exe

---> TYPE = OWN_SERVICE

094) "W32Time" - Windows Time

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

095) "WebClient" - WebClient

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

---> TYPE = SHARE_SERVICE

096) "winmgmt" - Windows Management Instrumentation

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

097) "Winsock"

---> STAT = (RUNNING) Started manually

---> TYPE = ADAPTER

098) "WLSetupSvc" - Windows Live Setup Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Windows Live\installer\WLSetupSvc.exe---> TYPE = OWN_SERVICE

099) "WmdmPmSN" - Portable Media Serial Number Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

100) "Wmi" - Windows Management Instrumentation Driver Extensions

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

101) "WmiApSrv" - WMI Performance Adapter

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe

---> TYPE = OWN_SERVICE

102) "WMPNetworkSvc" - Windows Media Player Network Sharing Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = \C:\Program\Windows Media Player\WMPNetwk.exe---> TYPE = OWN_SERVICE

103) "wscsvc" - Security Center

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

104) "wuauserv" - Automatic Updates

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

105) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

---> TYPE = SHARE_SERVICE

106) "WZCSVC" - Wireless Zero Configuration

---> STAT = (RUNNING) Started automatically

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE

107) "xmlprov" - Network Provisioning Service

---> STAT = (NOT RUNNING) Started manually

---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

---> TYPE = SHARE_SERVICE[/log]

13 november, 2008

[log]===================== LOADED MODULES =====================

*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan

Already known legit dlls are not shown

------------------------------------------------------------------------------

System pid: 4

Command line: <no command line>

------------------------------------------------------------------------------

smss.exe pid: 796

Command line: \SystemRoot\System32\smss.exe

Base Size Version Path

0x48580000 0xf000 \SystemRoot\System32\smss.exe

------------------------------------------------------------------------------

csrss.exe pid: 1116

Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path

0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe

0x75b20000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll

0x75b30000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll

0x75b40000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll

------------------------------------------------------------------------------

winlogon.exe pid: 840

Command line: winlogon.exe

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x776b0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x10000000 0x24000 6.14.0010.4177 C:\WINDOWS\system32\Ati2evxx.dll

0x47180000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll

0x01450000 0x32000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll

------------------------------------------------------------------------------

services.exe pid: 992

Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path

0x01000000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\services.exe

0x76060000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x77b60000 0x52000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll

0x776b0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll

0x7dba0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x474a0000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll

0x772f0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll

------------------------------------------------------------------------------

lsass.exe pid: 1052

Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe

0x75420000 0xb5000 5.01.2600.5512 C:\WINDOWS\system32\LSASRV.dll

0x76790000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

0x74410000 0x6d000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll

0x76780000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll

0x71ce0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\kerberos.dll

0x74480000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll

0x767b0000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll

0x76060000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x767e0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\schannel.dll

0x74350000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\wdigest.dll

0x743e0000 0x30000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll

0x743b0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\ipsecsvc.dll

0x776b0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll

0x75710000 0xd0000 5.01.2600.5512 C:\WINDOWS\system32\oakley.DLL

0x74340000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\WINIPSEC.DLL

0x74370000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x74390000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x00d40000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll

------------------------------------------------------------------------------

ati2evxx.exe pid: 560

Command line: C:\WINDOWS\system32\Ati2evxx.exe

Base Size Version Path

0x00400000 0x8f000 6.14.0010.4201 C:\WINDOWS\system32\Ati2evxx.exe

0x74ab0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\cfgMgr32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x00c80000 0x10000 6.14.0010.2513 C:\WINDOWS\system32\Ati2edxx.dll

0x10000000 0x2f000 6.14.0010.2537 C:\WINDOWS\system32\atipdlxx.dll

------------------------------------------------------------------------------

svchost.exe pid: 596

Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x776b0000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll

0x76b10000 0x11000 3.05.2284.0001 c:\windows\system32\ATL.DLL

------------------------------------------------------------------------------

svchost.exe pid: 956

Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x00ac0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x25000 1.00.0004.0012 C:\Program\Bonjour\mdnsNSP.dll

------------------------------------------------------------------------------

svchost.exe pid: 1532

Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x76f10000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll

0x00be0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x73a30000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll

0x76b10000 0x11000 3.05.2284.0001 c:\windows\system32\ATL.DLL

0x72ab0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll

0x76060000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll

0x60120000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll

0x00fb0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x767e0000 0x27000 5.01.2600.5512 C:\WINDOWS\System32\SCHANNEL.dll

0x76790000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll

0x611c0000 0x6b000 6.07.2600.5512 c:\windows\system32\qmgr.dll

0x76bf0000 0x2e000 5.01.2600.5512 C:\WINDOWS\System32\credui.dll

0x74600000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\dot3dlg.dll

0x5e1c0000 0x28000 5.01.2600.5512 C:\WINDOWS\System32\OneX.DLL

0x716f0000 0x22000 5.01.2600.5512 C:\WINDOWS\System32\eappcfg.dll

0x6fa90000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\eappprxy.dll

0x68e50000 0x9000 5.01.2600.5512 c:\windows\system32\hidserv.dll

0x74f10000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll

0x77700000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll

0x74f60000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll

0x767b0000 0x2c000 5.01.2600.5512 c:\windows\system32\w32time.dll

0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll

0x600f0000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll

0x50040000 0x1bb000 7.02.6001.0784 C:\WINDOWS\system32\wuaueng.dll

0x75120000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll

0x605c0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll

0x776b0000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll

0x74950000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll

0x50e60000 0xc000 7.02.6001.0784 C:\WINDOWS\system32\wups2.dll

0x16080000 0x25000 1.00.0004.0012 C:\Program\Bonjour\mdnsNSP.dll

0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\System32\dssenh.dll

0x74340000 0xb000 5.01.2600.5512 c:\windows\system32\WINIPSEC.DLL

0x58170000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp

0x581f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp

0x581d0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp

0x58200000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp

0x58220000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp

0x58210000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp

0x71ce0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\kerberos.dll

0x76780000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll

0x731b0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL

------------------------------------------------------------------------------

ati2evxx.exe pid: 1704

Command line: Ati2evxx.exe -Client

Base Size Version Path

0x00400000 0x8f000 6.14.0010.4201 C:\WINDOWS\system32\Ati2evxx.exe

0x74ab0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\cfgMgr32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x00cd0000 0x10000 6.14.0010.2513 C:\WINDOWS\system32\Ati2edxx.dll

0x10000000 0x2f000 6.14.0010.2537 C:\WINDOWS\system32\atipdlxx.dll

0x00d00000 0x24000 6.14.0010.4177 C:\WINDOWS\system32\ati2evxx.dll

------------------------------------------------------------------------------

svchost.exe pid: 1892

Command line: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x006c0000 0x10000 6.00.5716.0032 c:\windows\system32\wudfsvc.dll

0x006d0000 0x2c000 6.00.5716.0032 c:\windows\system32\WUDFPlatform.dll

------------------------------------------------------------------------------

explorer.exe pid: 1120

Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path

0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE

0x75f60000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll

0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x60030000 0x72000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll

0x71d30000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\ACTXPRXY.DLL

0x76970000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll

0x76b10000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

0x44820000 0x5cd000 7.00.6000.16757 C:\WINDOWS\system32\ieframe.dll

0x76bf0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll

0x60120000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll

0x74600000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll

0x5e1c0000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL

0x716f0000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll

0x76060000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x6fa90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll

0x75d80000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll

0x76590000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll

0x74ac0000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x75f40000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll

0x71c00000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll

0x71cc0000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll

0x71c80000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll

0x75f50000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll

0x00c70000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x71600000 0x12000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll

0x6c730000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll

0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

0x71800000 0x8a000 6.00.2900.5512 C:\WINDOWS\system32\shdoclc.dll

0x02820000 0x4c000 8.00.0000.0000 C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE

0x699d0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\Faultrep.dll

0x03e00000 0x488000 1.03.0001.0207 C:\Program\Delade filer\Nero\Shared\NL3\AdvrCntr3.dll

0x78800000 0x15c000 5.20.1087.0000 C:\Program\Delade filer\Microsoft Shared\OFFICE11\msxml5.dll

------------------------------------------------------------------------------

svchost.exe pid: 1516

Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x76f10000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x00950000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

svchost.exe pid: 1832

Command line: C:\WINDOWS\system32\svchost.exe -k LocalService

Base Size Version Path

0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x00a20000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x76ae0000 0x12000 5.01.2600.5512 c:\windows\system32\regsvc.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x00db0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x67ae0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\httpapi.dll

------------------------------------------------------------------------------

aawservice.exe pid: 288

Command line: C:\Program\Lavasoft\Ad-Aware\aawservice.exe

Base Size Version Path

0x00400000 0x97000 7.01.0000.0012 C:\Program\Lavasoft\Ad-Aware\aawservice.exe

0x10000000 0xc5000 7.01.0000.0012 C:\Program\Lavasoft\Ad-Aware\CEAPI.dll

0x003a0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x004a0000 0x21b000 8.04.1045.0000 C:\Program\Lavasoft\Ad-Aware\PKArchive85u.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

------------------------------------------------------------------------------

spoolsv.exe pid: 1100

Command line: C:\WINDOWS\system32\spoolsv.exe

Base Size Version Path

0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

0x00d60000 0x9000 0.03.4518.1014 C:\WINDOWS\system32\mdimon.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x00dd0000 0x9000 0.03.4518.1014 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll

0x16080000 0x25000 1.00.0004.0012 C:\Program\Bonjour\mdnsNSP.dll

0x76790000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll

------------------------------------------------------------------------------

CTHELPER.EXE pid: 1788

Command line: "C:\WINDOWS\CTHELPER.EXE"

Base Size Version Path

0x01000000 0x7000 2.00.0000.0041 C:\WINDOWS\CTHELPER.EXE

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x02000000 0x23000 5.12.0001.1196 C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL

0x008e0000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x008f0000 0xa000 1.00.0004.0011 C:\WINDOWS\system32\ctspkhlp.dll

0x73ee0000 0x5c000 5.03.2600.5512 C:\WINDOWS\system32\DSOUND.dll

0x73eb0000 0x4000 5.03.2600.5512 C:\WINDOWS\system32\KsUser.dll

0x00c30000 0x4a000 5.12.0001.1196 C:\WINDOWS\SYSTEM32\CTDC0001.DLL

0x00c80000 0x26000 5.12.0001.1196 C:\WINDOWS\SYSTEM32\ctosuser.dll

0x00af0000 0x15000 5.12.0001.1196 C:\WINDOWS\SYSTEM32\CTDPROXY.DLL

0x00fc0000 0x5000 5.12.0001.1140 C:\WINDOWS\CTDCRES.DLL

0x00e00000 0x15000 5.12.0001.1196 C:\WINDOWS\SYSTEM32\PIAPROXY.DLL

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

------------------------------------------------------------------------------

Logi_MwX.Exe pid: 1820

Command line: "C:\WINDOWS\Logi_MwX.Exe"

Base Size Version Path

0x00400000 0x8000 9.80.0013.0000 C:\WINDOWS\Logi_MwX.Exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

vistadrive.exe pid: 1848

Command line: "C:\WINDOWS\VistaDrive\VistaDrive.exe"

Base Size Version Path

0x00400000 0xa4000 3.01.0001.0000 C:\WINDOWS\VistaDrive\VistaDrive.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x00a10000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

ehtray.exe pid: 200

Command line: "C:\WINDOWS\ehome\ehtray.exe"

Base Size Version Path

0x00400000 0x11000 5.01.2700.2180 C:\WINDOWS\ehome\ehtray.exe

0x76b10000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

cctray.exe pid: 404

Command line: "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

Base Size Version Path

0x00400000 0x2b000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

0x10000000 0x46000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccGUIFrm.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x00920000 0x78000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccissImg.dll

0x009a0000 0x3000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccissPrd.dll

0x009b0000 0x11000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccissRes.dll

0x009d0000 0x24000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccGUIFrmRes.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\Msimg32.dll

0x70e90000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\asycfilt.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x02000000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x011d0000 0x2d000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll

0x01310000 0x48000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll

0x01360000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x015e0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x01710000 0x37000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\driverif.dll

0x01760000 0x1f000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccpriv.dll

0x01790000 0x3000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavProduct.dll

0x017a0000 0x12000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavResource.dll

0x017c0000 0x4d000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavImages.dll

0x01b80000 0x7000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\caissresource.dll

0x01b90000 0x56000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\caISSImages.dll

0x01bf0000 0x8000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\caISSProduct.dll

0x01f60000 0x1e000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\EZAVLIC.DLL

0x00e90000 0x3b000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\calic.dll

0x24400000 0x13000 1.00.0000.0000 C:\Program\CA\CA Internet Security Suite\License.dll

0x01f90000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x722a0000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll

0x74950000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x25000 1.00.0004.0012 C:\Program\Bonjour\mdnsNSP.dll

------------------------------------------------------------------------------

cavrid.exe pid: 696

Command line: "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

Base Size Version Path

0x00400000 0x39000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x10000000 0x46000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccGUIFrm.dll

0x00950000 0x3000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavProduct.dll

0x00960000 0x12000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavResource.dll

0x00980000 0x4d000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\caavImages.dll

0x009d0000 0x24000 3.02.0001.0018 C:\Program\CA\CA Internet Security Suite\ccGUIFrmRes.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\Msimg32.dll

0x70e90000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\asycfilt.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x02000000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

razerhid.exe pid: 736

Command line: "C:\Program\Razer\DeathAdder\razerhid.exe"

Base Size Version Path

0x00400000 0x2b000 1.00.0000.0001 C:\Program\Razer\DeathAdder\razerhid.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

------------------------------------------------------------------------------

smax4pnp.exe pid: 1172

Command line: "C:\Program\Analog Devices\Core\smax4pnp.exe"

Base Size Version Path

0x00400000 0x158000 5.02.0000.0005 C:\Program\Analog Devices\Core\smax4pnp.exe

0x10000000 0x56000 5.02.0003.0000 C:\Program\Analog Devices\Core\SMWDMIF.dll

0x00390000 0x50000 1.00.0000.0008 C:\WINDOWS\system32\EDCrypt.DLL

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x73ee0000 0x5c000 5.03.2600.5512 C:\WINDOWS\system32\DSound.dll

0x73eb0000 0x4000 5.03.2600.5512 C:\WINDOWS\system32\KsUser.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

MOM.exe pid: 1692

Command line: "C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM"

Base Size Version Path

0x00400000 0xe000 2.00.0000.0000 C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

0x79000000 0x45000 2.00.50727.0253 C:\WINDOWS\system32\mscoree.dll

0x79e70000 0x561000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x790c0000 0xae8000 2.00.50727.0042 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b2ee74d963294d43af4ce09e54fd649b\mscorlib.ni.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x79060000 0x53000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

0x7a440000 0x7be000 2.00.50727.0042 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\78cd5c9ae85caa4ca9d822a6a39ab9a6\System.ni.dll

0x7ade0000 0x194000 2.00.50727.0042 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\4594059ee996464abc612f0bafc4775a\System.Drawing.ni.dll

0x7afd0000 0xc86000 2.00.50727.0042 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\48ad1ad25ccdf6449e9ed81b937ef04a\System.Windows.Forms.ni.dll

0x61600000 0x1e000 2.00.3106.38785 C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll

0x60c00000 0xc000 2.00.3091.17954 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll

0x61200000 0xc000 2.00.3091.17965 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll

0x60e00000 0x12000 2.00.3106.38782 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll

0x61400000 0x8000 2.00.3091.17977 C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x61000000 0x8000 2.00.3091.17977 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

0x67770000 0xcc000 2.00.50727.0042 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a929f407d857a740acf7feab892573ea\System.Runtime.Remoting.ni.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x65f20000 0xb52000 2.00.50727.0210 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\c03830c39219d74aa24315efbbe157f9\System.Web.ni.dll

0x51400000 0xa000 2.00.3106.38784 C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll

0x61a00000 0xa000 2.00.3091.17956 C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll

------------------------------------------------------------------------------

iTunesHelper.exe pid: 1764

Command line: "C:\Program\iTunes\iTunesHelper.exe"

Base Size Version Path

0x00400000 0x49000 7.07.0001.0011 C:\Program\iTunes\iTunesHelper.exe

0x00390000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x10000000 0xe000 7.07.0001.0003 C:\Program\iTunes\iTunesHelper.Resources\sv.lproj\iTunesHelperLocalized.DLL

0x00db0000 0xe000 7.07.0001.0011 C:\Program\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x66800000 0x109c000 7.50.0061.0000 C:\Program\Multimedia\QuickTime Alternative\QTSystem\QuickTime.qts

0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

0x73ee0000 0x5c000 5.03.2600.5512 C:\WINDOWS\system32\DSOUND.dll

0x73730000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\ddraw.dll

0x73b90000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x01ec0000 0x125000 7.08.0176.0000 C:\Program\Delade filer\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll

0x02010000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x02060000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

iid.exe pid: 2032

Command line: "C:\WINDOWS\system32\iid.exe"

Base Size Version Path

0x00400000 0x12000 4.08.0000.0009 C:\WINDOWS\system32\iid.exe

0x10000000 0xc0000 4.08.0000.0009 C:\WINDOWS\system32\iid.dll

0x003b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x00db0000 0x7e000 4.08.0000.0009 C:\WINDOWS\system32\iidp11.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

jusched.exe pid: 300

Command line: "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

Base Size Version Path

0x00400000 0x24000 6.00.0070.0006 C:\Program\Java\jre1.6.0_07\bin\jusched.exe

0x00390000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

------------------------------------------------------------------------------

NMBgMonitor.exe pid: 332

Command line: "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

Base Size Version Path

0x00400000 0x31000 3.01.0003.0000 C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x10000000 0x488000 1.03.0001.0207 C:\Program\Delade filer\Nero\Shared\NL3\AdvrCntr3.dll

0x01040000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x699d0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\Faultrep.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x012e0000 0x12000 3.01.0003.0000 C:\Program\Delade filer\Nero\Lib\NMIndexingServicePS.dll

0x01310000 0xa000 3.01.0003.0000 C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvrPS.dll

0x015c0000 0x2fd000 3.01.0003.0000 C:\Program\Delade filer\Nero\Lib\NMDataServices.dll

------------------------------------------------------------------------------

ctfmon.exe pid: 1796

Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path

0x00400000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x60130000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll

0x5d070000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

GoogleToolbarNotifier.exe pid: 392

Command line: "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Base Size Version Path

0x00400000 0x13000 2.00.0301.1654 C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

0x10000000 0x20000 5.00.0926.3450 C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\gtn.dll

0x003b0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x00c60000 0xa4000 5.00.0926.3450 C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x76b10000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

------------------------------------------------------------------------------

msnmsgr.exe pid: 792

Command line: "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

Base Size Version Path

0x00400000 0x575000 8.05.1302.1018 C:\Program\Windows Live\Messenger\MsnMsgr.Exe

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll

0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

0x59100000 0xf9000 8.05.1302.1018 C:\Program\Windows Live\Messenger\MSNCore.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x002e0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x74c50000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76060000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x27500000 0xc8000 4.100.0313.0001 C:\Program\Windows Live\Messenger\msidcrl40.dll

0x722a0000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\SensApi.dll

0x5a700000 0x54000 8.05.1302.1018 C:\Program\Windows Live\Messenger\ContactsUX.dll

0x75f20000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTNET.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x75cd0000 0xae000 6.00.2900.5579 C:\WINDOWS\system32\inetcomm.dll

0x76870000 0x22000 6.00.2900.5512 C:\WINDOWS\system32\MSOERT2.dll

0x01610000 0xe000 6.00.2900.5512 C:\WINDOWS\system32\inetres.dll

0x59300000 0x1a4000 8.05.1302.1018 C:\Program\Windows Live\Messenger\msgslang.8.5.1302.1018.dll

0x016e0000 0x25f000 8.05.1302.1018 C:\Program\Windows Live\Messenger\msgsres.dll

0x01640000 0xb000 9.00.3790.2428 C:\Program\Windows Live\Messenger\custsat.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x77700000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\es.dll

0x02000000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x5b500000 0xa5000 8.05.1302.1018 C:\Program\Windows Live\Messenger\MSGSWCAM.dll

0x5a600000 0x13000 8.05.1302.1018 C:\WINDOWS\system32\sirenacm.dll

0x765c0000 0x11000 6.05.2600.5512 C:\WINDOWS\system32\devenum.dll

0x73680000 0x7000 6.05.2600.5512 C:\WINDOWS\system32\msdmo.dll

------------------------------------------------------------------------------

AppleMobileDeviceService.exe pid: 1180

Command line: "C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

Base Size Version Path

0x00400000 0x1d000 2.01.0029.0000 C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x007a0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

------------------------------------------------------------------------------

steam.exe pid: 1376

Command line: "C:\program\steam\steam.exe" -silent

Base Size Version Path

0x00400000 0x15e000 1.00.0000.0000 C:\program\steam\steam.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x02000000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x00ee0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x30000000 0x2ef000 2.00.0000.0000 C:\program\steam\Steam.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

0x16080000 0x25000 1.00.0004.0012 C:\Program\Bonjour\mdnsNSP.dll

0x01b10000 0x301000 1.00.0000.0001 C:\program\steam\SteamUI.dll

0x01470000 0x7b000 3.00.0000.0001 C:\program\steam\vstdlib_s.dll

0x01210000 0x3e000 1.00.0000.0001 C:\program\steam\tier0_s.dll

0x01e20000 0x33000 3.00.0000.0001 C:\Program\Steam\bin\FileSystem_Steam.dll

0x01e60000 0x96000 3.00.0000.0001 C:\Program\Steam\bin\vgui2.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll

0x0fa10000 0x2b5000 3.00.0000.0001 C:\program\steam\steamclient.dll

0x0fcd0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x10020000 0x12d000 1.00.0000.0001 C:\program\steam\bin\p2pvoice.dll

0x21100000 0xad000 7.00.0004.0000 C:\program\steam\bin\mss32_s.dll

0x0ff30000 0xb2000 1.00.0000.0001 C:\program\steam\bin\SteamService.dll

0x10250000 0x115000 6.07.0005.0000 C:\program\steam\dbghelp.dll

0x73ee0000 0x5c000 5.03.2600.5512 C:\WINDOWS\system32\dsound.dll

0x74ec0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll

0x74ea0000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll

0x76060000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x76790000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll

0x149b0000 0x15e000 3.00.0000.0001 c:\program\steam\bin\friendsui.dll

0x14b10000 0x10b000 1.00.0000.0001 c:\program\steam\bin\serverbrowser.dll

0x44820000 0x5cd000 7.00.6000.16757 C:\WINDOWS\system32\ieframe.dll

0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\shdocvw.dll

------------------------------------------------------------------------------

msmsgs.exe pid: 1600

Command line: "C:\Program\Messenger\msmsgs.exe" /background

Base Size Version Path

0x01000000 0x1a3000 4.07.0000.3001 C:\Program\Messenger\msmsgs.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll

0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

0x76360000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x442c0000 0x45000 7.00.6000.16735 C:\WINDOWS\system32\iertutil.dll

0x76780000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x10000000 0x63000 5.01.2600.5512 C:\WINDOWS\system32\XPOB2RES.DLL

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x77700000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\es.dll

0x76bf0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll

0x75140000 0x19000 4.07.0000.3002 C:\Program\Messenger\msgsc.dll

------------------------------------------------------------------------------

bgsvcgen.exe pid: 152

Command line: C:\WINDOWS\system32\bgsvcgen.exe

Base Size Version Path

0x00400000 0x16000 1.00.0000.0001 C:\WINDOWS\system32\bgsvcgen.exe

------------------------------------------------------------------------------

mDNSResponder.exe pid: 1680

Command line: C:\Program\Bonjour\mDNSResponder.exe

Base Size Version Path

0x00400000 0x57000 1.00.0004.0012 C:\Program\Bonjour\mDNSResponder.exe

0x10000000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x007e0000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x76b10000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

------------------------------------------------------------------------------

isafe.exe pid: 408

Command line: "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe"

Base Size Version Path

0x00400000 0x23000 8.00.0008.0000 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

0x10000000 0x36000 8.00.0008.0000 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafServ.dll

0x003e0000 0x12000 8.04.0000.0028 C:\WINDOWS\system32\iSafProd.dll

0x6e400000 0x49000 7.03.0000.0009 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\Arclib.dll

0x00a30000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x00a70000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll

0x71a40000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll

0x698b0000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll

0x71a80000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll

0x60000000 0x164000 31.06.0000.0000 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafeEngine.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

------------------------------------------------------------------------------

mdm.exe pid: 1608

Command line: "C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe"

Base Size Version Path

0x00400000 0x52000 7.10.3077.0000 C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

0x51a60000 0x6000 7.10.3077.0000 C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\1053\mdmui.dll

------------------------------------------------------------------------------

NBService.exe pid: 2112

Command line: "C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe"

Base Size Version Path

0x00400000 0xcf000 3.01.0000.0000 C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x10000000 0xf6000 3.01.0000.0000 C:\Program\Nero\Nero8\Nero BackItUp\NB.dll

0x007c0000 0x22000 8.01.0003.0001 C:\Program\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll

0x00800000 0x63000 3.01.0000.0000 C:\Program\Nero\Nero8\Nero BackItUp\LBFC.dll

0x00980000 0x89000 3.01.0000.0000 C:\Program\Nero\Nero8\Nero BackItUp\NBHDMgr.dll

0x758c0000 0x46000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll

0x76790000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll

0x76f10000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll

------------------------------------------------------------------------------

razertra.exe pid: 2120

Command line: "C:\Program\Razer\DeathAdder\razertra.exe"

Base Size Version Path

0x00400000 0x26000 1.00.0000.0001 C:\Program\Razer\DeathAdder\razertra.exe

0x773c0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

0x10000000 0x3d000 4.00.0000.0004 C:\Program\Razer\DeathAdder\razerlan.dll

------------------------------------------------------------------------------

razerofa.exe pid: 2496

Command line: "C:\Program\Razer\DeathAdder\razerofa.exe"

Base Size Version Path

0x00400000 0x2a000 4.00.0000.0004 C:\Program\Razer\DeathAdder\razerofa.exe

0x746f0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll

0x751a0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime

------------------------------------------------------------------------------

spupdsvc.exe pid: 2792

Command line: C:\WINDOWS\system32\spupdsvc.exe

Base Size Version Path

0x01000000 0x7000 6.03.0013.0000 C:\WINDOWS\system32\spupdsvc.exe

0x75120000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll

------------------------------------------------------------------------------

vetmsg.exe pid: 3908

Command line: "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe"

Base Size Version Path

0x00400000 0x3c000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

0x10000000 0x37000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\DriverIf.dll

0x003e0000 0x3000 8.04.0000.0028 C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetNtMsg.dll

0x00b20000 0x19000 8.00.0008.0000 C:\WINDOWS\system32\ISafeIf.dll

0x00b50000 0x13000 8.00.0008.0000 C:\WINDOWS\system32\VetRedir.dll