# Need Help on Detecting Keyloggers!



## kd32 (Aug 4, 2010)

Hi everybody, I think my laptop is infected with a keylogger. ALL that I key in using my keyboard (Word files saved on the hard disk, passwords for emails, websites visited, etc.), all the programs that run or have run on my system, and all the folders accessed become known to "others" - possibly those who share my wireless network, when I am online. Please don't ask why I feel so, but I think it's true!!

It could also be a network security (IP/packet sniffing) issue, but I would first like to make sure that there is no keylogger running on the system. Given below is a log generated by WinPatrol for my system (similar to HijackThis). I will really appreciate your assessment of anything that's obviously wrong and any other suggestions you may have on network security as well.

Just before posting this, I discovered the "AVRedirector.exe" process and read that it could be harmful, so I disabled it. Please have a look at the other details and let me know.

Thanks, kd

Log created by WinPatrol [FREE Edition] version 18.1.2010.0:18.1.2010.0
Scan saved at 12:04:39 AM, on 8/04/2010
Platform: Windows Vista SP2 Home Edition Service Pack 2 (Build 6002)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\RtHDVCpl.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPSTART.EXE
C:\PROGRAM FILES\ltmoh\ltmoh.exe
C:\PROGRAM FILES\Toshiba\POWER SAVER\TPwrMain.exe
C:\PROGRAM FILES\Toshiba\SMOOTHVIEW\SMOOTHVIEW.EXE
C:\PROGRAM FILES\Toshiba\FLASHCARDS\TCrdMain.exe
C:\PROGRAM FILES\Java\jre6\bin\jusched.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\WINDOWS SIDEBAR\sidebar.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.exe
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\Skype\Phone\Skype.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2009\avp.exe
C:\Windows\System32\wuauclt.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTOSHIBA.EXE
C:\PROGRAM FILES\Toshiba\CONFIGFREE\CFSwMgr.exe
C:\PROGRAM FILES\WINDOWS LIVE\Contacts\wlcomm.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
C:\Windows\System32\Macromed\Flash\FLASHUTIL10D.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender]%ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC]C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl]RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart]C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LtMoh]C:\Program Files\ltmoh\ltmoh.exe
O4 - HKLM\..\Run: [TPwrMain]%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON]%ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView]%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain]%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Skytel]Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [AVP]C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM]C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ISS_SIP]C:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar]C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD]TOSCDSPD.EXE
O4 - HKCU\..\Run: [msnmsgr]C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
O4 - HKCU\..\Run: [Skype]C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [] - 
O16 - DPF: ppctlcab (http://ppupdates.ca.com/downloads/scanner/ppctlcab) - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Agere Modem Call Progress Audio - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus - Kaspersky Lab - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2009\avp.exe
O23 - Service: AVRedirector - - C:\PROGRAM FILES\INVISIBLE IP MAP\AVREDIRECTOR.EXE
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\PROGRAM FILES\Toshiba\CONFIGFREE\CFSvcs.exe
O23 - Service: McciCMService - - C:\PROGRAM FILES\COMMON FILES\Motive\MCCICMSERVICE.EXE
O23 - Service: NLS Service - Nalpeiron Ltd. - C:\Windows\System32\NLSSRV32.EXE
O23 - Service: TOSHIBA Navi Support Service - TOSHIBA Corporation - C:\PROGRAM FILES\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver - TOSHIBA Corporation - C:\PROGRAM FILES\Toshiba\POWER SAVER\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\PROGRAM FILES\Toshiba\BLUETOOTH TOSHIBA STACK\TosBtSrv.exe
O23 - Service: Ulead Burning Helper - Ulead Systems, Inc. - C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSvr.exe
--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
138 IE Cookies in Folder: C:\Users\Kedar\AppData\Roaming\Microsoft\Windows\Cookies\low\
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe
WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [File Helper.job]C:\Program Files\File Helper\2.2.0.0\FileHelper.exe 07/18/2010 5:01 AM
WP31 - Scheduled Tasks: [Driver Robot.job]C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe 07/18/2010 5:01 AM
WP16 - ActiveX: {0D43FE01-F093-11CF-8940-00A0C9054228} [FileSystem Object] C:\Windows\System32\scrrun.dll 5.7.0.6000
WP16 - ActiveX: {12A66224-5E8A-4679-8941-0B9B960BF5EA} [VistaWUWebControl Class] C:\Windows\System32\wuwebv.dll 7.4.7600.226
WP16 - ActiveX: {15F08F29-C341-44BF-9DB2-2A7A23304E14} [McciUACManager Class] C:\PROGRAM FILES\COMMON FILES\Motive\MCCIUACMANAGERX.DLL 
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\Windows\System32\icardie.dll 8.00.6001.18702
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\Windows\System32\wmpdxm.dll 11.0.6002.18065
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 8.00.6001.18702
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {2933BF94-7B36-11D2-B20E-00C04F983E60} [XSL Template] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {2C1A5446-45E1-412F-BF68-EBFBB8405A1B} [McciLog Class] C:\PROGRAM FILES\COMMON FILES\Motive\McciLogX.dll 
WP16 - ActiveX: {2FC9A21E-2069-4E47-8235-36318989DB13} [PPSDKActiveXScanner.MainScreen] C:\Windows\DOWNLOADED PROGRAM FILES\PPSDKACTIVEXSCANNER.OCX 1.05.0005
WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\Windows\System32\mshtmled.dll 8.00.6001.18702
WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\microsoft shared\Smart Tag\IETAG.DLL 12.0.6425.1000
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} [McciUtilsSpecialFolder Class] C:\PROGRAM FILES\COMMON FILES\Motive\MCCIUTILSX.DLL 
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\Windows\System32\ieframe.dll 8.00.6001.18702
WP16 - ActiveX: {5852F5ED-8BF4-11D4-A245-0080C6F74284} [isInstalled Class] C:\PROGRAM FILES\Java\jre6\bin\wsdetect.dll 6.0.170.4
WP16 - ActiveX: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} [CScanner Object] C:\Windows\DOWNLOADED PROGRAM FILES\ppctl.dll 5.6.4.4
WP16 - ActiveX: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} [LogMeIn Rescue Applet Downloader] C:\Windows\DOWNLOADED PROGRAM FILES\RESCUEDOWNLOADER.DLL 1.0.14
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\Windows\System32\wmp.dll 11.0.6002.18111
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 8.00.6001.18702
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\Windows\System32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969C1-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 4.0] C:\Windows\System32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969C3-F192-11D4-A65F-0040963251E5} [XSL Template 4.0] C:\Windows\System32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\Windows\System32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969E5-F192-11D4-A65F-0040963251E5} [XML DOM Document 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {88D969E6-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {88D969E8-F192-11D4-A65F-0040963251E5} [XSL Template 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {88D969EA-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\Windows\System32\msxml6.dll 6.20.5002.0
WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\Windows\System32\msxml6.dll 6.20.5002.0
WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\Windows\System32\msxml6.dll 6.20.5002.0
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\Windows\System32\msxml6.dll 6.20.5002.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_17] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll 
WP16 - ActiveX: {8FD68625-2346-418A-8899-67CB36B1917F} [McciSM Class] C:\PROGRAM FILES\COMMON FILES\Motive\McciSMX.dll 
WP16 - ActiveX: {A6FF3C3C-F33A-4269-9300-2682DB3B3441} [McciUtilsRegistry Class] C:\PROGRAM FILES\COMMON FILES\Motive\MCCIUTILSX.DLL 
WP16 - ActiveX: {BB3B91F7-1070-4BFD-AA42-6C523B9162B9} [McciHTTPClient Class] C:\PROGRAM FILES\COMMON FILES\Motive\MCCIHTTPX.DLL 
WP16 - ActiveX: {BD96C556-65A3-11D0-983A-00C04FC29E36} [RDS.DataSpace] C:\PROGRAM FILES\COMMON FILES\System\msadc\msadco.dll 6.0.6001.18000
WP16 - ActiveX: {C9712B19-838B-45A5-ABF2-9A315DDDED50} [Microsoft Office 12 Authorization Control] C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL 12.0.6413.1000
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [Deployment Toolkit] C:\Windows\System32\deploytk.dll 6.0.170.4
WP16 - ActiveX: {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] C:\Windows\System32\wmp.dll 11.0.6002.18111
WP16 - ActiveX: {CD3AFA89-B84F-48F0-9393-7EDC34128127} [VIDEO__MPEG Moniker Class] C:\Windows\System32\wmp.dll 11.0.6002.18111
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\Windows\System32\ieframe.dll 8.00.6001.18702
WP16 - ActiveX: {D2517915-48CE-4286-970F-921E881B8C5C} [Windows Live Sign-in Control] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL 5.000.818.5
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash10d.ocx 10,0,42,34
WP16 - ActiveX: {DEF05203-B9AE-491A-B5D6-8E41D9D02FC7} [McciSysProcess Class] C:\PROGRAM FILES\COMMON FILES\Motive\McciSysX.dll 
WP16 - ActiveX: {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [msgsc.14.0.8089.0726] C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll 14.0.8089.0726
WP16 - ActiveX: {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [NameCtrl Class] C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\NAME.DLL 12.0.6423.1000
WP16 - ActiveX: {E69CAF33-4F0C-4F2B-A2E5-0D4F458EC22F} [McciUtilsGlobalDataStore Class] C:\PROGRAM FILES\COMMON FILES\Motive\MCCIUTILSX.DLL 
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {F5078F40-C551-11D3-89B9-0000F81FE221} [XML Document 3.0] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\Windows\System32\msxml3.dll 8.100.5002.0
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\Office12\REFEDIT.DLL 12.0.6413.1000
WP16 - ActiveX: {0002E569-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 11.0] C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL 11.0.8304
WP16 - ActiveX: {0002E56B-0000-0000-C000-000000000046} [Microsoft Office Data Source Control 11.0] C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL 11.0.8304
WP16 - ActiveX: {261B8CA9-3BAF-4BD0-B0C2-BF04286785C6} [Microsoft Office Outlook View Control] C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL 
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 11.0.6002.18065
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\Program Files\Microsoft Office\Office12\VVIEWER.DLL 12.0.6513.5000
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.0.6000.16386
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft Terminal Services Client Control (redist)] C:\Windows\System32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {7466A304-ABF5-4998-88AE-F78D6F134E00} [ImexGridCtrl.2 Object] C:\Program Files\Microsoft Office\Office12\ACCWIZ.DLL 12.0.6535.5005
WP16 - ActiveX: {444D2D27-02E8-486B-9018-3644958EF8A9} [FieldListCtrl.2 Object] C:\Program Files\Microsoft Office\Office12\ACCWIZ.DLL 12.0.6535.5005
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft Terminal Services Client Control (redist)] C:\Windows\System32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 8.00.6001.18702
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\Windows\System32\FM20.DLL 12.0.6514.5000
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft Terminal Services Client Control (redist)] C:\Windows\System32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {1989C694-3CF9-4a56-B1CC-2E3CB1D753D7} [HtmlInput Class] C:\Windows\ehome\ehkeyctl.dll 6.0.6000.16386
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\Windows\System32\mshtml.dll 8.00.6001.18702
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash10d.ocx 10,0,42,34
WP32 - Hidden File: C:\arp.bat
WP32 - Hidden File: C:\bootmgr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG1
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG2
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG1
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG2
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG1
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG2
WP32 - Hidden File: C:\Windows\System32\desktop.ini
WP32 - Hidden File: C:\Windows\System32\drivers\1179_TOSHIBA_Satellite A210_S3A6456D002_PSAFGC-MS408C.MRK
WP32 - Hidden File: C:\Windows\System32\drivers\fidbox.dat
WP32 - Hidden File: C:\Windows\System32\drivers\fidbox.idx
WP32 - Hidden File: C:\Windows\System32\drivers\fidbox2.dat
WP32 - Hidden File: C:\Windows\System32\drivers\fidbox2.idx
WP32 - Hidden File: C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
WP32 - Hidden File: C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
WP32 - Hidden File: C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
WP33 - File Type .AVI: [AVI Video File]C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe %1
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Windows Mail\WinMail.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealMedia File]C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e
Memory currently in use: 52%
Physical Memory Free: 932,748 KB
Paging File Free: 2,904,456 KB
Virtual Memory Free: 1,977,096 KB

--
End of file



