New here, curious activity on my machine


  • This topic is locked
66 replies to this topic

#1 imazephed

Posted 15 September 2009 - 10:43 PM

Hi all, just found this place. I have been experiencing some pop-ups on my machine. Never had them before. Seems to be performing a little sluggish as well. I have done all the things I know to do and figure it's time for someone who actually knows what is what.

This is a fresh HJT log. I have run many online scanners and they come up with nothing, but I know there is something there. I would appreciate any help... Thanks, Jason



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:32 PM, on 9/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca163962adda23) (gupdate1ca163962adda23) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XBaseMS-Service - Transaction Software, D 81737 Munich - C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe

--
End of file - 10454 bytes

Well, since I had time, I ran Malwarebytes' Anti-Malware 1.41.

Malwarebytes' Anti-Malware 1.41
Database version: 2798
Windows 6.0.6002 Service Pack 2

9/14/2009 10:21:25 PM
mbam-log-2009-09-14 (22-21-25).txt

Scan type: Full Scan (C:\|D:\|K:\|)
Objects scanned: 507617
Time elapsed: 2 hour(s), 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And I did a ComboFix too. I know I was supposed to wait, but I know there is something on this machine. I get pop-up ads from sites that I never got pop-ups from before. Here is the log from ComboFix. I am still getting pop-ups, so it did not fix anything. I followed the directions found here to the letter.

ComboFix 09-09-14.02 - Led Zeppelin 09/15/2009 22:16.13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1307 [GMT -5:00]
Running from: C:\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-336559941-1480386105-577895080-500
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\edaca.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\users\Led Zeppelin\AppData\Local\temp
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-09-16 03:23 . 2009-09-16 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-16 03:08 . 2009-09-16 03:08 3315456 ----a-r- C:\ComboFix.exe
2009-09-15 04:10 . 2009-09-15 04:10 -------- d-----w- c:\program files\HDD Health
2009-09-09 18:36 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 18:36 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 18:36 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 18:36 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 18:36 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 18:36 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 18:36 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 18:36 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 18:36 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 18:36 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 18:36 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 18:35 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 18:35 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 18:35 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 18:35 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 18:35 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 18:35 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-03 16:09 . 2009-09-03 16:10 -------- d-----w- c:\users\Led Zeppelin\AppData\Local\Ahead
2009-09-02 22:38 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-02 22:38 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-02 22:38 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-02 22:38 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-02 22:38 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 22:38 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-02 22:38 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-02 22:38 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-02 21:13 . 2009-09-02 21:13 -------- d-----w- c:\users\Led Zeppelin\AppData\Local\Adobe
2009-09-02 19:27 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:27 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 08:02 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-22 19:10 . 2009-08-22 19:14 -------- d-----w- c:\users\Led Zeppelin\AppData\Roaming\HpUpdate
2009-08-22 19:10 . 2009-08-22 19:10 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 03:04 . 2009-06-13 14:57 -------- d-----w- c:\users\Led Zeppelin\AppData\Roaming\uTorrent
2009-09-15 04:21 . 2007-11-05 23:11 -------- d-----w- c:\programdata\Google Updater
2009-09-15 01:09 . 2008-12-10 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 19:54 . 2008-12-10 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-12-10 02:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 05:04 . 2008-05-16 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 14:37 . 2008-01-23 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-03 16:19 . 2007-08-12 20:29 -------- d-----w- c:\programdata\DVD Shrink
2009-08-06 02:00 . 2007-02-16 00:18 -------- d-----w- c:\program files\Google
2009-08-06 01:58 . 2007-10-21 03:10 -------- d-----w- c:\program files\DivX
2009-08-06 01:58 . 2009-08-06 01:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-05 14:59 . 2007-02-16 00:19 -------- d-----w- c:\program files\Java
2009-07-25 10:23 . 2008-12-09 13:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-31 12:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-31 12:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-31 12:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-31 12:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 13:53 . 2008-10-17 21:14 -------- d-----w- c:\users\Led Zeppelin\AppData\Roaming\SendSpace Wizard
2009-07-17 13:54 . 2009-08-11 22:22 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-11 22:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-11 22:22 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-11 22:22 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-11 22:22 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 23:14 . 2008-08-24 13:10 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-07-11 23:07 . 2008-08-24 13:35 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-04-16 18:10 . 2009-04-16 18:10 9924040 ----a-w- c:\program files\windows-kb890830-v2.9.exe
2009-03-04 02:02 . 2009-03-04 02:02 6198784 ----a-w- c:\program files\s7119ENx.exe
2009-03-04 02:00 . 2008-08-24 20:19 6350160 ----a-w- c:\program files\8400fvst10220a_xpen.exe
2009-03-03 13:49 . 2008-08-24 20:20 6208088 ----a-w- c:\program files\cstbwin4932en.exe
2009-03-03 03:47 . 2009-03-03 03:45 32278088 ----a-w- c:\program files\photostudio_5.5.exe
2009-01-31 14:31 . 2009-01-31 14:28 4566456 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2009-01-29 05:34 . 2009-01-29 05:32 8346872 ----a-w- c:\program files\MSO.zip
2009-01-29 05:34 . 2009-01-29 05:32 30004 ----a-w- c:\program files\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
2009-01-29 05:34 . 2009-01-29 05:32 2764 ----a-w- c:\program files\Read me.txt
2009-01-29 05:34 . 2009-01-29 05:32 8968 ----a-w- c:\program files\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
2009-01-29 05:19 . 2009-01-29 05:19 2939392 ----a-w- c:\program files\9928853.exe
2009-01-06 13:11 . 2009-01-06 13:11 358689 ----a-w- c:\program files\hires24504220_54.zip
2009-01-06 02:10 . 2009-01-06 02:10 3165824 ----a-w- c:\program files\ccsetup215.exe
2009-01-06 01:23 . 2009-01-06 01:23 1371632 ----a-w- c:\program files\RegCureSetup_RW.exe
2009-01-04 23:22 . 2009-01-10 12:52 67337 ----a-w- c:\program files\image12.jpg.orig
2008-12-21 02:25 . 2008-12-21 02:25 167773 ----a-w- c:\program files\restoration.zip
2008-12-10 02:08 . 2008-12-10 02:08 2539400 ----a-w- c:\program files\mbam-setup.exe
2008-11-29 12:55 . 2008-11-29 12:55 175648 ----a-w- c:\program files\activescan2_en.exe
2008-10-31 00:52 . 2008-10-31 00:52 1430778 ----a-w- c:\program files\fretpro-setup.exe
2008-10-30 22:16 . 2008-10-30 22:16 8981504 ----a-w- c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-09-11 12:21 . 2008-09-11 12:21 124454 ----a-w- c:\program files\Chevrolet-Corvette-GREGG-ALLMANS-2005-CORVETTE-CONVERTIBLE_W0QQcmdZViewItemQQcategoryZ6168QQihZ013QQitemZ230287232174QQrdZ1QQsspagenameZWDVW.htm
2008-09-10 20:38 . 2008-09-10 20:34 1269455 ----a-w- c:\program files\WinRAR_3.71.exe
2008-09-04 20:20 . 2008-09-04 20:19 3679430 ----a-w- c:\program files\dlgsetup11_win.zip
2008-08-24 20:16 . 2008-08-24 20:12 33433936 ----a-w- c:\program files\PM61610Update_EN.exe
2008-08-24 20:12 . 2008-08-24 20:10 33216928 ----a-w- c:\program files\PM61610Update_DN.exe
2008-08-24 15:02 . 2008-08-24 14:57 170995600 ----a-w- c:\program files\AIO_CDB_Full_Non-Network_enu.exe
2008-08-24 13:35 . 2008-08-24 13:34 43145552 ----a-w- c:\program files\S-NkTR__-110WF-NSAEN.exe
2008-08-24 13:09 . 2008-08-24 13:09 46353312 ----a-w- c:\program files\S-VIEWNX-111WF-NSAEN.exe
2008-08-14 02:04 . 2008-08-14 02:04 1654737 ----a-w- c:\program files\dvda-author-08.07.win32.installer.exe
2008-07-23 23:05 . 2008-07-23 23:05 1428679 ----a-w- c:\program files\tralih241160.exe
2008-07-23 22:47 . 2008-07-23 22:42 197306008 ----a-w- c:\program files\Nero-8.3.6.0_eng_trial.exe
2008-05-15 00:29 . 2008-05-15 00:29 3481433 ----a-w- c:\program files\SendSpace Wizard Win32 v1.1.28 beta.exe
2008-04-21 04:07 . 2008-04-21 04:07 8990072 ----a-w- c:\program files\winamp5531_full_emusic-7plus_en-us.exe
2008-04-11 13:49 . 2008-01-29 04:12 7010392 ----a-w- c:\program files\SFTPMSI.exe
2008-03-18 16:15 . 2008-03-18 16:14 3861320 ----a-w- c:\program files\eMule0.48a-Installer2.exe
2008-02-05 03:08 . 2008-02-05 03:08 6381616 ----a-w- c:\program files\AutobahnAcceleratorInstall.exe
2008-02-02 01:14 . 2008-02-02 01:14 14603672 ----a-w- c:\program files\jre-6u3-windows-i586-p-s.exe
2008-01-23 16:11 . 2008-01-23 16:11 812344 ----a-w- c:\program files\HJTInstall.exe
2008-01-22 03:38 . 2008-01-22 03:38 7420224 ----a-w- c:\program files\Free-SpyHunter-Scanner-Install.exe
2008-01-22 02:36 . 2008-01-22 02:36 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-18 22:15 . 2008-01-18 22:15 899414 ----a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2007-10-21 03:09 . 2007-10-21 03:09 23770568 ----a-w- c:\program files\DivXInstaller.exe
2007-10-19 05:06 . 2007-10-19 05:06 1582612 ----a-w- c:\program files\diskdefrag_install.exe
2006-10-27 21:26 . 2009-01-29 06:00 16870712 ------w- c:\program files\MSO.dll
2008-01-31 13:34 . 2008-01-31 13:34 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-01-22 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-06 1994480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-15 1410344]
"AOL Fast Start"="c:\program files\AOL 9.0a\AOL.EXE" [2008-01-22 50736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-01-22 582992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-22 240640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]

c:\users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-8-10 155715]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-19 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-8-10 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 14:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,68,35,46,4f,e5,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-336559941-1480386105-577895080-1001]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-336559941-1480386105-577895080-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{725C93B0-BD06-4D42-933A-9021A845F2FD}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{939EA104-3BA8-486E-8871-3B26D59424CE}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{5531E143-48EE-46A0-BAB2-1ED1206B8DB7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{AA315D9C-A48B-4464-8C08-7E1D7676208D}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{A296E2DE-2366-443E-B791-3DA51DD27B85}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{6875ED0B-843F-45B3-A771-35AF18488F09}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{BD502291-660D-4BAE-9CAD-76DD53ECD753}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{61DF4212-EE58-4EF4-8306-DEA4605B593E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{5B9BC5A0-6DB7-47C3-9AD9-B3FAF359C944}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D1AC9881-CC5A-4023-946D-7B40D23B0E0B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{109652B6-15BB-4281-9CF5-5D3FA81837EE}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{3DEFAC44-A711-4CF1-A78C-2F0602A7ADE1}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8E2823E9-5FE9-4449-BC87-258C116DE04B}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{A45F02E1-2019-4500-9C96-7DC133EC37DF}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{D6EB83DB-54D7-46F4-8704-9664A8FF3EAB}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{B1372527-40B2-43B9-9093-56B275FAB212}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{7393F9D9-5BB3-458E-A4A5-B29074136925}"= UDP:c:\program files\AOL 9.0a\waol.exe:AOL
"{6F67F681-FBCF-479B-B981-35D63460EB87}"= TCP:c:\program files\AOL 9.0a\waol.exe:AOL
"{4D4439C7-9E79-4F06-A177-C093F263A760}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{9B92B59E-983D-4A08-A399-2FEF2287F378}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{364EFA62-0C14-4165-BA02-971E63140A5E}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D87D021F-2CF1-40FC-B202-2DBA4B1F45EF}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{18E84C89-2FE5-4278-A6C1-A4317F40A384}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{EC327DEB-DC40-442B-9A8A-3AF98F40EF49}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3E7A5C2A-C5D0-43D0-A464-C857429A3450}"= UDP:c:\program files\BitTornado\btdownloadgui.exe:BitTornado
"{5AF535BE-00CC-479F-B44A-F5834A0EFA20}"= TCP:c:\program files\BitTornado\btdownloadgui.exe:BitTornado
"{ECCDD80C-BEF2-4236-BD12-1750988CE44E}"= UDP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{18371854-F54E-4E76-A451-969843F658CF}"= TCP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{064411B8-61BD-425C-A093-59AE9E43A467}"= UDP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{737181E7-C7D5-4D2D-BF03-94BE746F0ACF}"= TCP:c:\program files\BellSouth\McciBrowser.exe:motivebrowser.exe
"{EE40643F-0948-4B37-B058-0B2F632AF676}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{96D3CDBA-4EAC-494E-A2A0-4A0B2F03A022}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F70682A1-21E9-4D22-9F65-7A441D3B0611}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{185B7FED-7E1B-472F-99D9-9CBEAD8E6E88}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{926690DB-1A45-467E-8E1B-1E0D5C89C3FC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1552D3CA-0B33-41D9-92C6-3B291C940DFC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CA2FF8DB-6C14-47C3-A61B-1E286F82C0F2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{887A68CE-8474-4DAC-8542-1AB6ECF0EEF3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/29/2008 7:56 AM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 12:03 PM 208896]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 6:49 PM 7424]
R2 XBaseMS-Service;XBaseMS-Service;c:\program files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe [6/26/2008 10:23 AM 167936]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [2/15/2007 7:04 PM 5504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1ca163962adda23;Google Update Service (gupdate1ca163962adda23);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 8:58 PM 133104]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/22/2008 10:46 AM 240640]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-10 00:44]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 01:57]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 01:57]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-12 18:32]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-12 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: f-secure.com\support
Trusted Zone: nanoscan.com\www
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2} - c:\program files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 22:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-16 22:25
ComboFix-quarantined-files.txt 2009-09-16 03:25

Pre-Run: 26,794,377,216 bytes free
Post-Run: 26,886,696,960 bytes free

306 --- E O F --- 2009-09-10 05:07

I am going to look around to see what, if any, other threads have some similarity to mine and try a few more things. Again, thanks for any help. I know how busy you all must be, with my thread going to the 4th page overnight.

I also ran Random's system information tool; here are the results:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Led Zeppelin at 2009-09-16 10:30:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 26 GB (9%) free of 295 GB
Total RAM: 2037 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:55 AM, on 9/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Led Zeppelin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Led Zeppelin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca163962adda23) (gupdate1ca163962adda23) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XBaseMS-Service - Transaction Software, D 81737 Munich - C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe

--
End of file - 10258 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2007-06-25 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-03 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-01-22 582992]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-22 240640]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-01-22 218032]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-06 1994480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-05 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-10-15 1410344]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"HDDHealth"=C:\Program Files\HDD Health\hddhealth.exe [2008-06-15 1692672]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-16 10:30:36 ----D---- C:\rsit
2009-09-15 22:25:52 ----SHD---- C:\$RECYCLE.BIN
2009-09-15 22:25:52 ----A---- C:\ComboFix.txt
2009-09-15 22:15:16 ----A---- C:\Windows\zip.exe
2009-09-15 22:15:16 ----A---- C:\Windows\SWXCACLS.exe
2009-09-15 22:15:16 ----A---- C:\Windows\SWSC.exe
2009-09-15 22:15:16 ----A---- C:\Windows\SWREG.exe
2009-09-15 22:15:16 ----A---- C:\Windows\sed.exe
2009-09-15 22:15:16 ----A---- C:\Windows\PEV.exe
2009-09-15 22:15:16 ----A---- C:\Windows\NIRCMD.exe
2009-09-15 22:15:16 ----A---- C:\Windows\grep.exe
2009-09-15 22:15:09 ----D---- C:\ComboFix
2009-09-15 22:09:16 ----D---- C:\Qoobox
2009-09-15 22:08:57 ----RA---- C:\ComboFix.exe
2009-09-14 23:10:19 ----D---- C:\Program Files\HDD Health
2009-09-09 13:36:44 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 13:36:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 13:36:33 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 13:36:33 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 13:36:32 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 13:36:31 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 13:36:31 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 13:36:31 ----A---- C:\Windows\system32\finger.exe
2009-09-09 13:36:29 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 13:36:26 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 13:35:55 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 13:35:54 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 13:35:54 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 13:35:54 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 13:35:52 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 13:35:49 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 13:35:47 ----A---- C:\Windows\system32\mf.dll
2009-09-02 17:38:06 ----A---- C:\Windows\system32\wdigest.dll
2009-09-02 17:38:06 ----A---- C:\Windows\system32\msv1_0.dll
2009-09-02 17:38:06 ----A---- C:\Windows\system32\kerberos.dll
2009-09-02 17:38:05 ----A---- C:\Windows\system32\schannel.dll
2009-09-02 17:38:03 ----A---- C:\Windows\system32\lsasrv.dll
2009-09-02 17:38:01 ----A---- C:\Windows\system32\secur32.dll
2009-09-02 17:38:01 ----A---- C:\Windows\system32\lsass.exe
2009-09-02 14:27:42 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 14:27:40 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-27 03:02:09 ----A---- C:\Windows\system32\tzres.dll
2009-08-22 14:10:21 ----D---- C:\Windows\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2009-09-16 10:30:48 ----D---- C:\Windows\Prefetch
2009-09-16 10:30:06 ----D---- C:\Windows\Temp
2009-09-16 09:25:39 ----D---- C:\Program Files\Mozilla Firefox
2009-09-16 00:22:20 ----D---- C:\Windows\Tasks
2009-09-16 00:22:13 ----D---- C:\ProgramData\Google Updater
2009-09-15 23:48:07 ----SHD---- C:\System Volume Information
2009-09-15 23:06:53 ----HD---- C:\Windows\inf
2009-09-15 23:06:53 ----D---- C:\Windows\System32
2009-09-15 23:06:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-15 22:32:58 ----A---- C:\Windows\win.ini
2009-09-15 22:32:34 ----D---- C:\Windows
2009-09-15 22:25:55 ----D---- C:\Windows\system32\en-US
2009-09-15 22:24:23 ----D---- C:\Windows\erdnt
2009-09-15 22:23:48 ----A---- C:\Windows\system.ini
2009-09-15 22:23:01 ----SHD---- C:\Windows\Installer
2009-09-15 22:23:01 ----SD---- C:\Windows\Downloaded Program Files
2009-09-15 22:21:02 ----D---- C:\Windows\system32\drivers
2009-09-15 22:21:02 ----D---- C:\Windows\AppPatch
2009-09-15 22:21:01 ----D---- C:\Program Files\Common Files
2009-09-14 23:10:19 ----RD---- C:\Program Files
2009-09-14 21:49:13 ----D---- C:\Windows\Debug
2009-09-14 20:09:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-12 21:45:50 ----D---- C:\BM
2009-09-12 15:38:52 ----A---- C:\Windows\NeroDigital.ini
2009-09-10 18:44:53 ----D---- C:\Myspace update
2009-09-10 08:59:28 ----D---- C:\Windows\rescache
2009-09-10 08:55:01 ----D---- C:\Windows\winsxs
2009-09-10 00:04:47 ----D---- C:\Windows\system32\catroot
2009-09-10 00:04:44 ----D---- C:\Program Files\Windows Mail
2009-09-10 00:04:35 ----D---- C:\Config.Msi
2009-09-10 00:04:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 00:03:58 ----D---- C:\Windows\ehome
2009-09-09 21:52:35 ----D---- C:\Shows I taped
2009-09-09 13:35:21 ----D---- C:\Windows\system32\catroot2
2009-09-07 19:21:17 ----D---- C:\TEMP
2009-09-06 09:37:46 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-04 23:47:22 ----D---- C:\Shn's and torrents
2009-09-03 11:19:01 ----D---- C:\ProgramData\DVD Shrink
2009-08-31 16:40:42 ----D---- C:\Z
2009-08-28 16:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-27 03:00:29 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-03-02 120360]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-06 74480]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2007-02-15 5504]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2007-06-25 71496]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2007-06-25 34184]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2007-06-25 171240]
R3 mfesmfk;McAfee Inc.; C:\Windows\system32\drivers\mfesmfk.sys [2007-06-25 37480]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2002-04-08 73728]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 catchme;catchme; \??\C:\Users\LEDZEP~1\AppData\Local\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
S3 mferkdk;McAfee Inc.; C:\Windows\system32\drivers\mferkdk.sys [2007-06-25 32008]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-11-15 81920]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-04-12 353368]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-03-08 256096]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-06-25 144960]
R2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-06-19 841256]
R2 MPS9;McAfee Privacy Service; C:\PROGRA~1\McAfee\MPS\mps.exe [2007-04-18 906792]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-02-15 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R2 XBaseMS-Service;XBaseMS-Service; C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe [2002-06-17 167936]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gupdate1ca163962adda23;Google Update Service (gupdate1ca163962adda23); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-10-05 341328]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-22 240640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
S3 M1 Server;Intel® Viiv™ Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
S3 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]

-----------------EOF-----------------

and

info.txt logfile of random's system information tool 1.06 2009-09-16 10:30:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\IsUninst.exe -f"C:\Program Files\ARI Network Services\PartSmart\Uninst.isu"
-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe"
Autobahn-->C:\Program Files\Autobahn\Uninstall.exe
BigFix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Wave Editor version 1.96.1-->"C:\Program Files\CD Wave\unins000.exe"
CDRWIN-->C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
dvda-author (uninstall only)-->"C:\Program Files\dvda-author\uninstall.exe"
eMedia Guitar Method-->"C:\Program Files\eMedia Guitar Method\Uninstall.exe" "C:\Program Files\eMedia Guitar Method\install.log"
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
Exact Audio Copy 0.95b4-->C:\Program Files\Exact Audio Copy\uninst.exe
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FretPro V.2.00-->"C:\Program Files\FretPro\setup\uninst.exe"
Gateway Game Console-->"C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{25771101-7948-4591-ABF3-B1ECE7A7F45F}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
iZotope Ozone 3-->"C:\Program Files\iZotope\Ozone 3\unins000.exe"
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Natural Color-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero 8 Essentials-->MsiExec.exe /X{523DF39E-DF7D-488F-8022-783946571033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda NanoScan-->C:\Program Files\Panda Security\NanoScan\nanounst.exe
Panda TotalScan-->C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PartsManagerPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91BA03B3-4EB6-4852-814C-8359236818A2}\setup.exe" -l0x9
PartSmart 8-->"C:\Program Files\InstallShield Installation Information\{83E1916D-0D14-43F2-B3E6-1BCB7E831704}\setup.exe" -runfromtemp -l0x0009 -removeonly
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PS2 Multimedia Keyboard Driver-->"C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\setup.exe" -ul
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client 2.5 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.inf
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TMPGEnc Plus 2.58.44.152-->"C:\Program Files\TMPGEnc Plus\unins000.exe"
Trader's Little Helper 2.4.1-->"C:\Program Files\Trader's Little Helper\Uninstall\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

=====HijackThis Backups=====

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvuus.dll,#1 [2008-02-17]

======Security center information======

AS: Windows Defender (disabled)
AS: SUPERAntiSpyware

======System event log======

Computer Name: LedZeppelin-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system
Record Number: 164731
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311191016.000000-000
Event Type: Warning
User: LedZeppelin-PC\Led Zeppelin

Computer Name: LedZeppelin-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system
Record Number: 164730
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311191016.000000-000
Event Type: Warning
User: LedZeppelin-PC\Led Zeppelin

Computer Name: LedZeppelin-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system
Record Number: 164729
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311191016.000000-000
Event Type: Warning
User: LedZeppelin-PC\Led Zeppelin

Computer Name: LedZeppelin-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system
Record Number: 164728
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311191016.000000-000
Event Type: Warning
User: LedZeppelin-PC\Led Zeppelin

Computer Name: LedZeppelin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 164679
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311191010.000000-000
Event Type: Warning
User: LedZeppelin-PC\Led Zeppelin

=====Application event log=====

Computer Name: LedZeppelin-PC
Event Code: 10010
Message: Application 'C:\PROGRA~1\McAfee.com\Agent\mcagent.exe' (pid 4164) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 482
Source Name: Microsoft-Windows-RestartManager
Time Written: 20070810195028.877108-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LedZeppelin-PC
Event Code: 10010
Message: Application 'C:\PROGRA~1\McAfee.com\Agent\mcagent.exe' (pid 4164) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 479
Source Name: Microsoft-Windows-RestartManager
Time Written: 20070810195028.814708-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LedZeppelin-PC
Event Code: 2
Message:
Record Number: 441
Source Name: MpfService
Time Written: 20070810193327.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: LedZeppelin-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
16 user registry handles leaked from \Registry\User\S-1-5-21-336559941-1480386105-577895080-1001:
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001
Process 516 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\My
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\CA
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\Root
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Policies\Microsoft\SystemCertificates
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Policies\Microsoft\SystemCertificates
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Policies\Microsoft\SystemCertificates
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Policies\Microsoft\SystemCertificates
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\trust
Process 4260 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\SystemCertificates\SmartCardRoot

Record Number: 435
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070810193247.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LedZeppelin-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 384
Source Name: Microsoft-Windows-Search
Time Written: 20070810192121.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: LedZeppelin-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4

Privileges: SeAuditPrivilege
SeImpersonatePrivilege
SeAssignPrimaryTokenPrivilege
Record Number: 26719
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080724134016.596116-000
Event Type: Audit Success
User:

Computer Name: LedZeppelin-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LEDZEPPELIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 26718
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080724134016.596116-000
Event Type: Audit Success
User:

Computer Name: LedZeppelin-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 26717
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080724134016.393314-000
Event Type: Audit Success
User:

Computer Name: LedZeppelin-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LEDZEPPELIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 26716
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080724134016.393314-000
Event Type: Audit Success
User:

Computer Name: LedZeppelin-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: LEDZEPPELIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 26715
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080724134016.393314-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by imazephed, 16 September 2009 - 10:36 AM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:40 AM

Posted 30 September 2009 - 06:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 imazephed

imazephed
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 30 September 2009 - 09:53 PM

Thanks so much for the help, I have been getting some pop ups while browsing with Firefox. I have run every online scanner I can think of, Trend Micro, Panda scan, Kaspersky and they all come up clean, I know there is something on the machine as I never had pop ups before and it seems to be running sluggish as well. From what I can tell this has really just affected Firefox, I uninstalled Firefox and reinstalled and no change.

Here is a fresh HJT and DDS



DDS (Ver_09-07-30.01) - NTFSx86
Run by Led Zeppelin at 21:48:15.94 on Wed 09/30/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1021 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Led Zeppelin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Led Zeppelin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptcl.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HDDHealth] c:\program files\hdd health\hddhealth.exe -wl
uRun: [AOL Fast Start] "c:\program files\aol 9.0a\AOL.EXE" -b
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\ledzep~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: f-secure.com\support
Trusted Zone: nanoscan.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ledzep~1\appdata\roaming\mozilla\firefox\profiles\rp9tpbev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.bellsouth.net/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\led zeppelin\appdata\roaming\mozilla\firefox\profiles\rp9tpbev.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\panda security\totalscan\npwrapper.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-29 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 XBaseMS-Service;XBaseMS-Service;c:\program files\proquestms\partsmanagerpro\xbasesrvr\tbmux32.exe [2008-6-26 167936]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-2-15 5504]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S2 gupdate1ca163962adda23;Google Update Service (gupdate1ca163962adda23);c:\program files\google\update\GoogleUpdate.exe [2009-8-5 133104]
S3 FNWPMR;FNWPMR;c:\users\ledzep~1\appdata\local\temp\FNWPMR.exe [2009-9-29 363392]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-22 240640]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-09-29 19:16 <DIR> --d----- c:\program files\Sophos
2009-09-29 17:39 <DIR> --d----- c:\users\led zeppelin\Pavark
2009-09-29 17:39 310,641 a------- C:\AntiRootkit.zip
2009-09-29 10:22 231,390 a------- C:\RootkitRevealer.zip
2009-09-18 09:34 219,924,845 a------- c:\windows\MEMORY.DMP
2009-09-15 22:25 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-15 22:15 229,888 a------- c:\windows\PEV.exe
2009-09-15 22:15 161,792 a------- c:\windows\SWREG.exe
2009-09-15 22:15 98,816 a------- c:\windows\sed.exe
2009-09-15 22:15 <DIR> --d----- C:\ComboFix
2009-09-15 22:08 3,315,456 a----r-- C:\ComboFix.exe
2009-09-14 23:10 <DIR> --d----- c:\program files\HDD Health
2009-09-09 13:36 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 13:36 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 13:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 13:36 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 13:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 13:36 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 13:36 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 13:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 13:36 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 13:36 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 13:36 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 13:35 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 13:35 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 13:35 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 13:35 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 13:35 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-09 13:35 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-09 13:35 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-02 17:38 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-02 17:38 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-02 17:38 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-02 17:38 270,848 a------- c:\windows\system32\schannel.dll
2009-09-02 17:38 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-02 17:38 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 17:38 72,704 a------- c:\windows\system32\secur32.dll
2009-09-02 17:38 9,728 a------- c:\windows\system32\lsass.exe
2009-09-02 14:27 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 14:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-28 21:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 21:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 21:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 21:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 08:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 07:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 07:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 07:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 07:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 18:14 20 ----h--- c:\programdata\PKP_DLdw.DAT
2009-07-11 18:14 20 ----h--- c:\progra~2\PKP_DLdw.DAT
2009-07-11 18:07 20 ----h--- c:\programdata\PKP_DLdu.DAT
2009-07-11 18:07 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2009-06-04 14:58 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-04 14:58 86,016 a------- c:\windows\inf\infstor.dat
2009-06-04 14:58 51,200 a------- c:\windows\inf\infpub.dat
2009-06-04 14:52 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-16 13:10 9,924,040 a------- c:\program files\windows-kb890830-v2.9.exe
2009-03-03 21:02 6,198,784 a------- c:\program files\s7119ENx.exe
2009-03-03 21:00 6,350,160 a------- c:\program files\8400fvst10220a_xpen.exe
2009-03-03 08:49 6,208,088 a------- c:\program files\cstbwin4932en.exe
2009-03-02 22:47 32,278,088 a------- c:\program files\photostudio_5.5.exe
2009-01-31 09:31 4,566,456 a------- c:\program files\Shockwave_Installer_Slim.exe
2009-01-29 00:34 8,346,872 a------- c:\program files\MSO.zip
2009-01-29 00:34 30,004 a------- c:\program files\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
2009-01-29 00:34 2,764 a------- c:\program files\Read me.txt
2009-01-29 00:34 8,968 a------- c:\program files\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
2009-01-29 00:19 2,939,392 a------- c:\program files\9928853.exe
2009-01-06 08:11 358,689 a------- c:\program files\hires24504220_54.zip
2009-01-05 21:10 3,165,824 a------- c:\program files\ccsetup215.exe
2009-01-05 20:23 1,371,632 a------- c:\program files\RegCureSetup_RW.exe
2009-01-04 18:22 67,337 a------- c:\program files\image12.jpg.orig
2008-12-20 21:25 167,773 a------- c:\program files\restoration.zip
2008-12-09 21:08 2,539,400 a------- c:\program files\mbam-setup.exe
2008-11-29 07:55 175,648 a------- c:\program files\activescan2_en.exe
2008-10-30 19:52 1,430,778 a------- c:\program files\fretpro-setup.exe
2008-10-30 17:16 8,981,504 a------- c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-09-17 07:47 174 a--sh--- c:\program files\desktop.ini
2008-09-11 07:21 124,454 a------- c:\program files\Chevrolet-Corvette-GREGG-ALLMANS-2005-CORVETTE-CONVERTIBLE_W0QQcmdZViewItemQQcategoryZ6168QQihZ013QQitemZ230287232174QQrdZ1QQsspagenameZWDVW.htm
2008-09-10 15:38 1,269,455 a------- c:\program files\WinRAR_3.71.exe
2008-09-04 15:20 3,679,430 a------- c:\program files\dlgsetup11_win.zip
2008-08-24 15:16 33,433,936 a------- c:\program files\PM61610Update_EN.exe
2008-08-24 15:12 33,216,928 a------- c:\program files\PM61610Update_DN.exe
2008-08-24 10:02 170,995,600 a------- c:\program files\AIO_CDB_Full_Non-Network_enu.exe
2008-08-24 08:35 43,145,552 a------- c:\program files\S-NkTR__-110WF-NSAEN.exe
2008-08-24 08:09 46,353,312 a------- c:\program files\S-VIEWNX-111WF-NSAEN.exe
2008-08-13 21:04 1,654,737 a------- c:\program files\dvda-author-08.07.win32.installer.exe
2008-07-23 18:05 1,428,679 a------- c:\program files\tralih241160.exe
2008-07-23 17:47 197,306,008 a------- c:\program files\Nero-8.3.6.0_eng_trial.exe
2008-05-14 19:29 3,481,433 a------- c:\program files\SendSpace Wizard Win32 v1.1.28 beta.exe
2008-04-20 23:07 8,990,072 a------- c:\program files\winamp5531_full_emusic-7plus_en-us.exe
2008-04-11 08:49 7,010,392 a------- c:\program files\SFTPMSI.exe
2008-03-18 11:15 3,861,320 a------- c:\program files\eMule0.48a-Installer2.exe
2008-02-04 22:08 6,381,616 a------- c:\program files\AutobahnAcceleratorInstall.exe
2008-02-01 20:14 14,603,672 a------- c:\program files\jre-6u3-windows-i586-p-s.exe
2008-01-23 11:11 812,344 a------- c:\program files\HJTInstall.exe
2008-01-21 22:38 7,420,224 a------- c:\program files\Free-SpyHunter-Scanner-Install.exe
2008-01-21 21:36 1,491,592 a------- c:\program files\install_flash_player.exe
2008-01-18 17:15 899,414 a------- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2007-10-20 22:09 23,770,568 a------- c:\program files\DivXInstaller.exe
2007-10-19 00:06 1,582,612 a------- c:\program files\diskdefrag_install.exe
2007-10-05 22:27 20,256,064 a------- c:\users\led zeppelin\QuickTimeInstaller.exe
2007-08-12 14:00 42,668,811 a------- c:\users\led zeppelin\Adobe Audition (Cool Edit Pro 2) + 2.1 + Serial + PDF Manuals - USA.zip
2007-08-10 16:24 3,463,151 a------- c:\users\led zeppelin\TMPGEnc Plus Version 2-58-44-152.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-10-27 16:26 16,870,712 -------- c:\program files\MSO.dll
2002-10-22 18:27 3,443,184 a------- c:\users\led zeppelin\TMPGEnc Plus 2-58-44-152 setup.exe

============= FINISH: 21:48:34.34 ===============


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:14 PM, on 9/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FNWPMR - Sysinternals - www.sysinternals.com - C:\Users\LEDZEP~1\AppData\Local\Temp\FNWPMR.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca163962adda23) (gupdate1ca163962adda23) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XBaseMS-Service - Transaction Software, D 81737 Munich - C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe

--
End of file - 10562 bytes


Thanks

Edited by imazephed, 01 October 2009 - 10:28 AM.


#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 06 October 2009 - 02:41 AM

Hi imazephed,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 2

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Step 3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please post back:


1. GooredFix log
2. GMER log
3. OTListIt.txt and Extra.txt

Thanks

#5 imazephed

  • Topic Starter

  • Members
  • 48 posts

Posted 06 October 2009 - 07:39 AM

Thanks for the help, Sundavis. Here are the reports from the scans you asked me to run.

GooredFix by jpshortstuff (24.09.09.1)
Log created at 06:19 on 06/10/2009 (Led Zeppelin)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:58 25/09/2009]
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [14:36 21/02/2008]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [19:57 09/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [13:17 11/07/2008]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [15:55 05/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [13:24 25/03/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [15:00 05/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{9E21F5DF-0A73-4f7f-A28B-BDFF2D1C87AB}"="C:\Program Files\Autobahn\Extensions\{9E21F5DF-0A73-4f7f-A28B-BDFF2D1C87AB}" [03:08 05/02/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:17 11/03/2009]

---------- Old Logs ----------
GooredFix[11.18.31_06-10-2009].txt

-=E.O.F=-

GMER

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-06 07:25:22
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\LEDZEP~1\AppData\Local\Temp\kwlcipog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8CF210B0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9D0074B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9D00775]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9D0075F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9D00737]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


OTL.txt

OTL logfile created on: 10/6/2009 7:26:55 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\Led Zeppelin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.46% Memory free
4.00 Gb Paging File | 2.93 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 72.54 Gb Free Space | 25.15% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 4.34 Gb Free Space | 44.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 133.25 Gb Free Space | 14.31% Space Free | Partition Type: NTFS

Computer Name: LEDZEPPELIN-PC
Current User Name: Led Zeppelin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/11 01:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AUDIODG.EXE
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/07 17:08:40 | 00,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2006/11/07 17:34:26 | 00,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2008/01/22 10:46:07 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2006/12/12 10:02:38 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2006/12/12 10:03:58 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2006/12/12 10:02:28 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/11/01 23:38:52 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/22 10:46:26 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/09/18 09:36:54 | 01,998,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2007/11/05 18:11:38 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/15 09:15:08 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/06/15 12:14:30 | 01,692,672 | ---- | M] (PANTERASoft) -- C:\Program Files\HDD Health\hddhealth.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2002/04/12 14:39:24 | 00,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/22 10:46:58 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/10/29 12:03:30 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/11/15 19:57:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/02/13 12:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/01/16 18:03:36 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2007/04/12 09:33:42 | 00,353,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/03/08 15:42:42 | 00,256,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
PRC - [2007/06/25 10:56:42 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/01/25 18:01:58 | 00,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/06/19 08:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/04/18 14:08:06 | 00,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe
PRC - [2007/01/17 15:30:34 | 00,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/02/15 20:08:02 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/04/18 14:08:10 | 00,304,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mpsevh.exe
PRC - [2006/08/04 04:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2002/06/17 14:26:34 | 00,167,936 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe
PRC - [2002/06/17 14:25:26 | 01,118,208 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
PRC - [2002/06/17 14:25:26 | 01,118,208 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
PRC - [2008/01/19 02:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/10/16 20:12:28 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe
PRC - [2007/07/13 08:14:56 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2006/10/13 18:18:24 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
PRC - [2006/11/10 07:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0a\waol.exe
PRC - [2006/11/10 07:12:08 | 00,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0a\shellmon.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/06 06:15:47 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Led Zeppelin\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/18 10:01:26 | 00,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService [On_Demand | Stopped])
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/29 12:03:30 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService [Auto | Running])
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/10/05 17:33:26 | 00,341,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy [On_Demand | Stopped])
SRV - [2009/04/11 01:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - File not found -- -- (FNWPMR [On_Demand | Stopped])
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/22 10:46:17 | 00,240,640 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093007-112848 [On_Demand | Stopped])
SRV - [2009/08/05 20:57:58 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca163962adda23 [Auto | Stopped])
SRV - [2009/03/25 19:44:28 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/11/19 19:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006/11/15 19:57:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/18 09:59:38 | 00,081,880 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM [On_Demand | Stopped])
SRV - [2006/11/18 09:59:02 | 00,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server [On_Demand | Stopped])
SRV - [2007/02/13 12:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service [Auto | Running])
SRV - [2006/11/18 10:00:06 | 00,174,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL [On_Demand | Stopped])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/01/16 18:03:36 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [Auto | Running])
SRV - [2007/04/12 09:33:42 | 00,353,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/03/08 15:42:42 | 00,256,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector [Auto | Running])
SRV - [2007/06/25 10:56:42 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/01/25 18:01:58 | 00,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Auto | Running])
SRV - [2007/06/19 08:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2007/04/18 14:08:06 | 00,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe -- (MPS9 [Auto | Running])
SRV - [2007/01/17 15:30:34 | 00,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/15 09:15:08 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/02/15 20:08:02 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2006/11/18 10:00:48 | 00,550,872 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service [On_Demand | Stopped])
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2006/08/04 04:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2002/06/17 14:26:34 | 00,167,936 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe -- (XBaseMS-Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 02:36:49 | 00,108,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 02:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/31 01:15:24 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/08 02:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/11/08 02:54:02 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/10/31 16:46:36 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/02/15 19:04:29 | 00,005,504 | ---- | M] (Intel Corporation) -- C:\Windows\System32\Drivers\IntelDH.sys -- (IntelDH [On_Demand | Running])
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 01:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2007/06/25 14:54:44 | 00,071,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/06/25 10:57:10 | 00,034,184 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/06/25 10:57:20 | 00,171,240 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2007/06/25 10:57:24 | 00,032,008 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/06/25 10:57:28 | 00,037,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/03/02 14:17:34 | 00,120,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/01/19 11:53:42 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2007/01/19 11:53:43 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2006/11/02 02:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\DRIVERS\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/09/27 19:37:24 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\DRIVERS\nmsgopro.sys -- (nmsgopro [Auto | Running])
DRV - [2006/10/19 18:49:48 | 00,007,424 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\DRIVERS\nmsunidr.sys -- (nmsunidr [Auto | Running])
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/03/27 09:07:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2006/02/16 18:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/06 20:36:54 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2002/04/08 10:20:00 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Stopped])
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/01 23:39:42 | 00,812,032 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/18 10:01:08 | 00,018,904 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP [On_Demand | Stopped])
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/01 15:18:15 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\Windows\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2006/11/08 02:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/08/04 04:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5438
IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-336559941-1480386105-577895080-1001\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{9E21F5DF-0A73-4f7f-A28B-BDFF2D1C87AB}: C:\Program Files\Autobahn\Extensions\{9E21F5DF-0A73-4f7f-A28B-BDFF2D1C87AB} [2008/02/04 22:08:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 00:58:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/25 09:58:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/25 09:58:16 | 00,000,000 | ---D | M]

[2009/10/01 18:06:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/25 09:58:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/21 09:36:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/03/09 14:57:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/11 08:17:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/05 10:55:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/25 08:24:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 10:00:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/31 08:34:19 | 00,131,584 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/09/13 09:35:26 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/12/12 21:13:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/09/13 09:35:33 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/09/13 09:35:16 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0a\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-336559941-1480386105-577895080-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-336559941-1480386105-577895080-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\..Trusted Domains: f-secure.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\..Trusted Domains: nanoscan.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-336559941-1480386105-577895080-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9871955e-1f77-11dd-9ebf-00038a000015}\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/09/15 22:25:54 | 00,000,000 | ---D | C] -- C:\Users\Led Zeppelin\AppData\Local\temp
[2009/09/14 23:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\HDD Health
[2009/09/29 19:16:07 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/06 06:18:31 | 00,000,000 | ---D | C] -- C:\Users\Led Zeppelin\Desktop\GooredFix Backups
[2009/10/06 06:15:46 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\Led Zeppelin\Desktop\OTL.exe
[2009/10/06 06:14:47 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Users\Led Zeppelin\Desktop\GooredFix.exe
[2009/09/18 09:34:15 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/09/16 10:30:36 | 00,000,000 | ---D | C] -- C:\rsit
[2009/09/15 22:25:52 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/09/15 22:15:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/09/15 22:15:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/09/15 22:15:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/09/15 22:15:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/09/15 22:15:09 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/09/15 22:09:16 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/09 13:36:44 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/09 13:36:37 | 00,904,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/09 13:36:36 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/09 13:36:33 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/09 13:36:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/09 13:36:32 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/09 13:36:31 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/09 13:36:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/09 13:36:31 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/09 13:36:30 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/09/09 13:36:29 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/09 13:36:26 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/09 13:35:55 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/09 13:35:54 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/09 13:35:54 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/09 13:35:54 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/09 13:35:52 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/09 13:35:49 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/09 13:35:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/04/16 13:10:15 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v2.9.exe
[2009/03/02 22:45:52 | 32,278,088 | ---- | C] (ArcSoft ) -- C:\Program Files\photostudio_5.5.exe
[2009/01/29 01:00:34 | 16,870,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MSO.dll
[2009/01/05 21:10:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe
[2009/01/05 20:23:26 | 01,371,632 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\RegCureSetup_RW.exe
[2008/12/09 21:08:50 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/10/30 17:16:35 | 08,981,504 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5541_full_emusic-7plus_en-us.exe
[2008/08/24 15:12:51 | 33,433,936 | ---- | C] (Macrovision Corporation) -- C:\Program Files\PM61610Update_EN.exe
[2008/08/24 15:10:00 | 33,216,928 | ---- | C] (Macrovision Corporation) -- C:\Program Files\PM61610Update_DN.exe
[2008/07/23 18:05:56 | 01,428,679 | ---- | C] (Robert Hoffmann ) -- C:\Program Files\tralih241160.exe
[2008/07/23 17:42:34 | 19,730,6008 | ---- | C] (Nero AG) -- C:\Program Files\Nero-8.3.6.0_eng_trial.exe
[2008/04/20 23:07:24 | 08,990,072 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5531_full_emusic-7plus_en-us.exe
[2008/01/28 23:12:31 | 07,010,392 | ---- | C] (SmartSoft Ltd) -- C:\Program Files\SFTPMSI.exe
[2008/01/23 11:11:26 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2008/01/21 21:36:09 | 01,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2007/10/20 22:09:02 | 23,770,568 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXInstaller.exe
[2007/10/19 00:06:14 | 01,582,612 | ---- | C] (AusLogics, Inc. ) -- C:\Program Files\diskdefrag_install.exe

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/10/06 07:19:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/06 06:21:46 | 00,056,529 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/10/06 06:15:47 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Led Zeppelin\Desktop\OTL.exe
[2009/10/06 06:14:48 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Users\Led Zeppelin\Desktop\GooredFix.exe
[2009/10/06 06:13:36 | 00,000,341 | ---- | M] () -- C:\Windows\win.ini
[2009/10/06 05:46:35 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/06 05:46:35 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/05 21:19:01 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/05 20:44:34 | 00,001,670 | ---- | M] () -- C:\Users\Led Zeppelin\Desktop\CCleaner.lnk
[2009/10/05 18:31:36 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/10/05 17:50:37 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/05 17:50:37 | 00,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/05 17:50:37 | 00,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/05 17:46:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/05 17:46:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/04 22:07:20 | 02,687,538 | -H-- | M] () -- C:\Users\Led Zeppelin\AppData\Local\IconCache.db
[2009/10/02 15:57:42 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/10/02 15:56:16 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/10/02 10:30:02 | 00,017,303 | ---- | M] () -- C:\Users\Led Zeppelin\Documents\STATEMENT.pdf
[2009/09/29 17:39:06 | 00,310,641 | ---- | M] () -- C:\AntiRootkit.zip
[2009/09/29 10:22:20 | 00,231,390 | ---- | M] () -- C:\RootkitRevealer.zip
[2009/09/27 14:16:40 | 00,020,992 | ---- | M] () -- C:\Users\Led Zeppelin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 16:53:19 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/09/25 09:58:19 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/21 15:13:44 | 02,731,520 | ---- | M] () -- C:\Users\Led Zeppelin\Documents\DRUNKS.pps
[2009/09/21 10:09:11 | 05,227,254 | ---- | M] () -- C:\Users\Led Zeppelin\Documents\Football.wmv
[2009/09/19 23:05:39 | 00,495,374 | ---- | M] () -- C:\Users\Led Zeppelin\Documents\Fishstory.pdf
[2009/09/18 22:22:57 | 00,280,419 | ---- | M] () -- C:\Users\Led Zeppelin\Desktop\gmer.zip
[2009/09/18 18:53:01 | 21,992,4845 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/15 22:48:06 | 00,000,433 | ---- | M] () -- C:\Users\Led Zeppelin\Desktop\ComboFix - Shortcut.lnk
[2009/09/15 22:23:48 | 00,000,241 | ---- | M] () -- C:\Windows\system.ini
[2009/09/15 22:08:58 | 03,315,456 | R--- | M] () -- C:\ComboFix.exe
[2009/09/15 17:36:08 | 00,288,768 | ---- | M] () -- C:\Users\Led Zeppelin\Desktop\gmer.exe
[2009/09/15 09:53:16 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/09/14 20:09:42 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe
[2009/09/12 21:32:54 | 00,000,960 | ---- | M] () -- C:\Users\Led Zeppelin\Desktop\Adobe Photoshop 7.0 (2).lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/09 19:40:22 | 00,023,552 | ---- | M] () -- C:\Users\Led Zeppelin\Documents\grandmakatiescucuzza.doc

========== Files - No Company Name ==========
[2009/09/29 17:39:06 | 00,310,641 | ---- | C] () -- C:\AntiRootkit.zip
[2009/09/29 10:22:20 | 00,231,390 | ---- | C] () -- C:\RootkitRevealer.zip
[2009/09/25 09:58:19 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/21 15:13:31 | 02,731,520 | ---- | C] () -- C:\Users\Led Zeppelin\Documents\DRUNKS.pps
[2009/09/21 10:08:46 | 05,227,254 | ---- | C] () -- C:\Users\Led Zeppelin\Documents\Football.wmv
[2009/09/20 00:27:34 | 02,687,538 | -H-- | C] () -- C:\Users\Led Zeppelin\AppData\Local\IconCache.db
[2009/09/19 23:05:35 | 00,495,374 | ---- | C] () -- C:\Users\Led Zeppelin\Documents\Fishstory.pdf
[2009/09/18 22:22:56 | 00,280,419 | ---- | C] () -- C:\Users\Led Zeppelin\Desktop\gmer.zip
[2009/09/18 09:34:11 | 21,992,4845 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/15 22:48:06 | 00,000,433 | ---- | C] () -- C:\Users\Led Zeppelin\Desktop\ComboFix - Shortcut.lnk
[2009/09/15 22:15:16 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/15 22:15:16 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/15 22:15:16 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/15 22:15:16 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/09/15 22:08:57 | 03,315,456 | R--- | C] () -- C:\ComboFix.exe
[2009/09/15 17:36:08 | 00,288,768 | ---- | C] () -- C:\Users\Led Zeppelin\Desktop\gmer.exe
[2009/09/12 21:32:54 | 00,000,960 | ---- | C] () -- C:\Users\Led Zeppelin\Desktop\Adobe Photoshop 7.0 (2).lnk
[2009/09/09 19:40:21 | 00,023,552 | ---- | C] () -- C:\Users\Led Zeppelin\Documents\grandmakatiescucuzza.doc
[2009/09/09 13:35:54 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/06/26 13:20:16 | 00,000,036 | ---- | C] () -- C:\Users\Led Zeppelin\AppData\Local\housecall.guid.cache
[2009/06/04 14:13:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/03 21:02:01 | 06,198,784 | ---- | C] () -- C:\Program Files\s7119ENx.exe
[2009/01/31 09:28:38 | 04,566,456 | ---- | C] () -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/01/29 00:32:48 | 08,346,872 | ---- | C] () -- C:\Program Files\MSO.zip
[2009/01/29 00:32:48 | 00,030,004 | ---- | C] () -- C:\Program Files\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
[2009/01/29 00:32:48 | 00,008,968 | ---- | C] () -- C:\Program Files\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
[2009/01/29 00:32:48 | 00,002,764 | ---- | C] () -- C:\Program Files\Read me.txt
[2009/01/29 00:19:25 | 02,939,392 | ---- | C] () -- C:\Program Files\9928853.exe
[2009/01/10 07:52:56 | 00,067,337 | ---- | C] () -- C:\Program Files\image12.jpg.orig
[2009/01/06 08:11:46 | 00,358,689 | ---- | C] () -- C:\Program Files\hires24504220_54.zip
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/20 21:25:26 | 00,167,773 | ---- | C] () -- C:\Program Files\restoration.zip
[2008/11/29 07:55:14 | 00,175,648 | ---- | C] () -- C:\Program Files\activescan2_en.exe
[2008/10/30 19:52:42 | 01,430,778 | ---- | C] () -- C:\Program Files\fretpro-setup.exe
[2008/10/28 10:11:12 | 00,000,006 | -HS- | C] () -- C:\Users\Led Zeppelin\AppData\Local\desktop.ini
[2008/09/11 07:21:03 | 00,124,454 | ---- | C] () -- C:\Program Files\Chevrolet-Corvette-GREGG-ALLMANS-2005-CORVETTE-CONVERTIBLE_W0QQcmdZViewItemQQcategoryZ6168QQihZ013QQitemZ230287232174QQrdZ1QQsspagenameZWDVW.htm
[2008/09/10 15:34:13 | 01,269,455 | ---- | C] () -- C:\Program Files\WinRAR_3.71.exe
[2008/09/04 15:19:59 | 03,679,430 | ---- | C] () -- C:\Program Files\dlgsetup11_win.zip
[2008/08/28 22:58:41 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/08/24 19:18:22 | 00,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2008/08/24 15:20:50 | 06,208,088 | ---- | C] () -- C:\Program Files\cstbwin4932en.exe
[2008/08/24 15:19:32 | 06,350,160 | ---- | C] () -- C:\Program Files\8400fvst10220a_xpen.exe
[2008/08/24 10:53:21 | 00,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008/08/24 10:53:16 | 00,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/08/24 09:57:33 | 17,099,5600 | ---- | C] () -- C:\Program Files\AIO_CDB_Full_Non-Network_enu.exe
[2008/08/24 09:52:03 | 00,002,896 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/24 08:35:57 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Booms
[2008/08/24 08:35:57 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/08/24 08:35:57 | 00,000,012 | RH-- | C] () -- C:\ProgramData\CMMs
[2008/08/24 08:34:47 | 43,145,552 | ---- | C] () -- C:\Program Files\S-NkTR__-110WF-NSAEN.exe
[2008/08/24 08:10:54 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Brother
[2008/08/24 08:10:53 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008/08/24 08:10:53 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Channel
[2008/08/24 08:09:00 | 46,353,312 | ---- | C] () -- C:\Program Files\S-VIEWNX-111WF-NSAEN.exe
[2008/08/13 21:04:53 | 01,654,737 | ---- | C] () -- C:\Program Files\dvda-author-08.07.win32.installer.exe
[2008/08/11 14:42:21 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/08/11 14:42:21 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/08/11 14:42:21 | 00,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008/08/11 14:42:20 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/08/11 14:42:20 | 00,000,336 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008/07/24 22:04:21 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/23 11:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/31 07:18:44 | 00,000,353 | ---- | C] () -- C:\Users\Led Zeppelin\AppData\Local\AutobahnAcceleratorInstall.txt
[2008/05/14 19:29:14 | 03,481,433 | ---- | C] () -- C:\Program Files\SendSpace Wizard Win32 v1.1.28 beta.exe
[2008/03/18 11:14:13 | 03,861,320 | ---- | C] () -- C:\Program Files\eMule0.48a-Installer2.exe
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/04 22:08:15 | 06,381,616 | ---- | C] () -- C:\Program Files\AutobahnAcceleratorInstall.exe
[2008/02/01 20:14:04 | 14,603,672 | ---- | C] () -- C:\Program Files\jre-6u3-windows-i586-p-s.exe
[2008/01/21 22:38:03 | 07,420,224 | ---- | C] () -- C:\Program Files\Free-SpyHunter-Scanner-Install.exe
[2008/01/18 17:15:42 | 00,899,414 | ---- | C] () -- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:33:40 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/10/18 12:49:31 | 00,000,100 | ---- | C] () -- C:\Users\Led Zeppelin\AppData\Local\fusioncache.dat
[2007/08/10 22:33:41 | 00,065,536 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2007/08/10 14:36:50 | 00,020,992 | ---- | C] () -- C:\Users\Led Zeppelin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/10 14:26:14 | 00,070,176 | ---- | C] () -- C:\Users\Led Zeppelin\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/02/15 19:44:38 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/02/15 19:07:35 | 00,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/02/15 19:07:35 | 00,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/12/12 10:02:50 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:31 | 00,000,341 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,241 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 00,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 689 bytes -> C:\Users\Led Zeppelin\Documents\SnowDogg.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Led Zeppelin\Documents\Y_YOU_SHOULD_NOT_PUT_STUFFED_ANIMALS_IN_YOUR_BACK_WINDOW.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Led Zeppelin\Documents\RomanticSleighRide.mpe:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Led Zeppelin\Documents\DogStory.mpg:TOC.WMV
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


Extras.txt

OTL Extras logfile created on: 10/6/2009 7:26:55 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\Led Zeppelin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.46% Memory free
4.00 Gb Paging File | 2.93 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 72.54 Gb Free Space | 25.15% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 4.34 Gb Free Space | 44.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 133.25 Gb Free Space | 14.31% Space Free | Partition Type: NTFS

Computer Name: LEDZEPPELIN-PC
Current User Name: Led Zeppelin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [Burn With ImgTool...] -- C:\Program Files\ImgTool Burn\ImgTool.exe -c -d "%l" (Jörg4Anna)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-336559941-1480386105-577895080-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-336559941-1480386105-577895080-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61DF4212-EE58-4EF4-8306-DEA4605B593E}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{BD502291-660D-4BAE-9CAD-76DD53ECD753}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064411B8-61BD-425C-A093-59AE9E43A467}" = protocol=6 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{109652B6-15BB-4281-9CF5-5D3FA81837EE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{1552D3CA-0B33-41D9-92C6-3B291C940DFC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{18371854-F54E-4E76-A451-969843F658CF}" = protocol=17 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{185B7FED-7E1B-472F-99D9-9CBEAD8E6E88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18E84C89-2FE5-4278-A6C1-A4317F40A384}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{364EFA62-0C14-4165-BA02-971E63140A5E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3DEFAC44-A711-4CF1-A78C-2F0602A7ADE1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{3E7A5C2A-C5D0-43D0-A464-C857429A3450}" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"{4D4439C7-9E79-4F06-A177-C093F263A760}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{5531E143-48EE-46A0-BAB2-1ED1206B8DB7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5AF535BE-00CC-479F-B44A-F5834A0EFA20}" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"{5B9BC5A0-6DB7-47C3-9AD9-B3FAF359C944}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6875ED0B-843F-45B3-A771-35AF18488F09}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{6F67F681-FBCF-479B-B981-35D63460EB87}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{725C93B0-BD06-4D42-933A-9021A845F2FD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{737181E7-C7D5-4D2D-BF03-94BE746F0ACF}" = protocol=17 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{7393F9D9-5BB3-458E-A4A5-B29074136925}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{887A68CE-8474-4DAC-8542-1AB6ECF0EEF3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8E2823E9-5FE9-4449-BC87-258C116DE04B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{926690DB-1A45-467E-8E1B-1E0D5C89C3FC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{939EA104-3BA8-486E-8871-3B26D59424CE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{96D3CDBA-4EAC-494E-A2A0-4A0B2F03A022}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9B92B59E-983D-4A08-A399-2FEF2287F378}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A296E2DE-2366-443E-B791-3DA51DD27B85}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{A45F02E1-2019-4500-9C96-7DC133EC37DF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{AA315D9C-A48B-4464-8C08-7E1D7676208D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{B1372527-40B2-43B9-9093-56B275FAB212}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CA2FF8DB-6C14-47C3-A61B-1E286F82C0F2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D1AC9881-CC5A-4023-946D-7B40D23B0E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6EB83DB-54D7-46F4-8704-9664A8FF3EAB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D87D021F-2CF1-40FC-B202-2DBA4B1F45EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EC327DEB-DC40-442B-9A8A-3AF98F40EF49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{ECCDD80C-BEF2-4236-BD12-1750988CE44E}" = protocol=6 | dir=in | app=c:\program files\bellsouth\mccibrowser.exe |
"{EE40643F-0948-4B37-B058-0B2F632AF676}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F70682A1-21E9-4D22-9F65-7A441D3B0611}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09B7AB90-B6F6-4D33-9E0E-3F8056EE8DF0}" = 4200_Help
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4CA52274-4043-4CF4-ADC5-0BBC4624EF69}" = PartSmartUpdate
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6E7958D5-4D85-42EA-B2FC-A3DB5A54998E}" = PartSmart
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{83E1916D-0D14-43F2-B3E6-1BCB7E831704}" = PartSmart 8
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91BA03B3-4EB6-4852-814C-8359236818A2}" = PartsManagerPro
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9B3E9492-87F0-4D08-B054-2596F738AB35}" = 4200Trb
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Method
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DE4FBF52-6825-4C31-8C7A-B12FA71A1583}" = 4200
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F28F05BC-3625-440B-89F8-EA5321EB3D34}" = PartSmart
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced FretPro" = FretPro V.2.00
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Autobahn" = Autobahn
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"CD Wave_is1" = CD Wave Editor version 1.96.1
"CDRWIN" = CDRWIN
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"dvda-author-08.07" = dvda-author (uninstall only)
"EsetOnlineScanner" = ESET Online Scanner
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FileZilla" = FileZilla (remove only)
"Gateway Game Console" = Gateway Game Console
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDD Health_is1" = HDD Health v3.3 Beta
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Intel® Configuration Center" = Intel® Viiv™ Software
"iZotope Ozone 3_is1" = iZotope Ozone 3
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSC" = McAfee SecurityCenter
"NanoScan" = Panda NanoScan
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PROSet" = Intel® PRO Network Connections Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"SystemRequirementsLab" = System Requirements Lab
"TMPGEnc Plus 2.58.44.152_is1" = TMPGEnc Plus 2.58.44.152
"TotalScan" = Panda TotalScan
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WT017906" = Penguins!
"WT017926" = Polar Bowler
"WT017936" = Polar Golfer
"WT017976" = SCRABBLE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2009 8:19:05 AM | Computer Name = LedZeppelin-PC | Source = Google Update | ID = 20
Description =

Error - 9/16/2009 9:19:05 AM | Computer Name = LedZeppelin-PC | Source = Google Update | ID = 20
Description =

Error - 9/16/2009 10:19:05 AM | Computer Name = LedZeppelin-PC | Source = Google Update | ID = 20
Description =

Error - 9/17/2009 12:22:39 PM | Computer Name = LedZeppelin-PC | Source = Perflib | ID = 1010
Description =

Error - 9/18/2009 11:05:03 AM | Computer Name = LedZeppelin-PC | Source = Application Error | ID = 1000
Description = Faulting application tlu5ifvt.exe, version 1.0.15.15087, time stamp
0x4aafb469, faulting module tlu5ifvt.exe, version 1.0.15.15087, time stamp 0x4aafb469,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x1444, application
start time 0x01ca38713d8b062f.

Error - 9/18/2009 6:46:19 PM | Computer Name = LedZeppelin-PC | Source = EventSystem | ID = 4609
Description =

Error - 9/18/2009 6:47:45 PM | Computer Name = LedZeppelin-PC | Source = Application Error | ID = 1000
Description = Faulting application tlu5ifvt.exe, version 1.0.15.15087, time stamp
0x4aafb469, faulting module tlu5ifvt.exe, version 1.0.15.15087, time stamp 0x4aafb469,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x5dc, application
start time 0x01ca38b1fba39bef.

Error - 9/18/2009 7:12:38 PM | Computer Name = LedZeppelin-PC | Source = Application Error | ID = 1000
Description = Faulting application tlu5ifvt.exe, version 1.0.15.15087, time stamp
0x4aafb469, faulting module tlu5ifvt.exe, version 1.0.15.15087, time stamp 0x4aafb469,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0xb2c, application
start time 0x01ca38b561ed0af5.

Error - 9/18/2009 11:25:03 PM | Computer Name = LedZeppelin-PC | Source = Perflib | ID = 1010
Description =

Error - 9/21/2009 3:58:33 PM | Computer Name = LedZeppelin-PC | Source = MsiInstaller | ID = 1002
Description =

[ Media Center Events ]
Error - 4/17/2008 2:06:47 PM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/22/2008 11:14:35 PM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/23/2008 10:23:58 AM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 4:32:03 PM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 11:15:12 AM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 6:00:36 PM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 10:44:59 AM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 9:12:58 AM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/30/2009 3:53:12 PM | Computer Name = LedZeppelin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/29/2009 11:03:27 PM | Computer Name = LedZeppelin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/2/2009 11:07:18 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/2/2009 11:07:18 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/3/2009 6:58:32 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/3/2009 6:58:34 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/4/2009 9:29:05 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/4/2009 9:29:10 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/5/2009 9:27:13 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/5/2009 9:27:15 AM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/5/2009 6:47:48 PM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/5/2009 6:47:48 PM | Computer Name = LedZeppelin-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#6 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 06 October 2009 - 08:43 AM

Hi imazephed,




Per the warning from the developer of ComboFix, this tool should not be run on one's own, unsupervised. Sometimes it will result in an unbootable machine. Since you have run it, may I see the log in C:\combofix.txt if it's still available?


Step1

Go to start > control panel > programs and features.
Right-click on each of the following instances and choose Uninstall:

Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Viewpoint Media Player


After that, go back to your Control Panel and click the Java icon (looks like a coffee cup). On the Update menu, press the Update Now button.


Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will be downloading and installing the program and updating the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1.Kas Online Scan Report

Tell me the problems you're experiencing now.
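
The review behind Step 1 of the post above, as an added example that is not part of the original thread: it parses an OTL uninstall list in the format quoted earlier and reports every Java update superseded by a newer update of the same major version, plus any name on an analyst-supplied watchlist. The sample input is constructed from a few lines of that log; the function names and the `watchlist` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries in the format of the OTL uninstall list
# quoted earlier in this thread.
SAMPLE_UNINSTALL_LIST = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"ViewpointMediaPlayer" = Viewpoint Media Player
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
'''

# "<registry subkey>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')
# Display names such as "Java™ 6 Update 15" or "Java(TM) 6 Update 15".
JAVA_RE = re.compile(r'^Java(?:\(TM\)|™)?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)$')


def parse_uninstall_list(text):
    """Return a list of (hive_path, subkey, display_name) tuples."""
    hive = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            hive = line[1:-1]          # section header names the registry path
            continue
        match = ENTRY_RE.match(line)
        if match:                      # banners and blank lines are skipped
            entries.append((hive, match.group('key'), match.group('name').strip()))
    return entries


def superseded_java(entries):
    """List (display_name, subkey) for every Java update that is older than
    the newest update installed for the same major version."""
    by_major = defaultdict(list)
    for _hive, key, name in entries:
        match = JAVA_RE.match(name)
        if match:
            by_major[int(match.group('major'))].append(
                (int(match.group('update')), key, name))
    stale = []
    for major in sorted(by_major):
        installs = sorted(by_major[major])   # ascending by update number
        # Everything except the highest update is left over from an upgrade.
        stale.extend((name, key) for _update, key, name in installs[:-1])
    return stale


def removal_candidates(text, watchlist=("Viewpoint Media Player",)):
    """Names to review for uninstall: superseded Java updates first, then
    exact (case-insensitive) watchlist matches. The watchlist is supplied by
    the analyst; the default entry is the one named in the post above."""
    entries = parse_uninstall_list(text)
    names = [name for name, _key in superseded_java(entries)]
    wanted = {item.lower() for item in watchlist}
    names += [name for _hive, _key, name in entries if name.lower() in wanted]
    return names


if __name__ == "__main__":
    for candidate in removal_candidates(SAMPLE_UNINSTALL_LIST):
        print(candidate)
```
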

#7 imazephed

  • Topic Starter
  • Members
  • 48 posts

Posted 06 October 2009 - 11:59 PM

Sundavis, I ran the scan you asked for and this is the log. The problem I am having is with pop ups in Firefox and an overall sluggishness on my computer. I deleted the three Javas off my machine and tried to update the remaining one; it told me that it was up to date. I also deleted the Viewpoint Media Player, then ran the ATF Cleaner, then Kaspersky Online Scanner. It found nothing at all but I am sure there is something on this PC. I never had pop ups in Firefox before and now do; it has to be some sort of malware causing them. Thanks for your help.



Tuesday, October 6, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 06, 2009 18:52:46
Records in database: 2923212
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan statistics
Objects scanned 353669
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 06:02:23

No threats found. Scanned area is clean.
Selected area has been scanned.

#8 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 October 2009 - 01:32 AM

Hi imazephed,



OK! Let's do some maintenance and see if it makes any difference.


Step1
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step2

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

ipconfig /flushdns

7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Step3

Go to Start>Run>type cmd>A window will come up. In the window, Type chkdsk c: /F

System will have message saying:

Chkdsk cannot run because the volume is in use by another process.Would you like to schedule this volume to be checked the next time the system restarts?(y/n)

Type Y. Reboot the system. It will make repairs when it reboots.


Step4

Then, unplug the internet access and try to Obtain a DNS address automatically. After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). You may also want to ask your ISP for help in case there are custom settings that need to be maintained. When done, get internet access, proceed with Windows Update and tell me how it goes. After that, restart your computer.

Step5

Open IE, select Tools > Internet Options. Select the Connections tab.
  • If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  • In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  • Click OK.
  • Click Privacy tab and press Sites button, click Remove all button if there are some urls out there.
  • Click Advanced tab and click on Reset button
  • In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
In Firefox, go Tools > Options > Advanced > Network > Settings and tick 'No Proxy', then 'OK' your way out.

Start your FF > Tools menu > Clear Private Data, check all boxes and press the Clear Private Data Now button.

Please close all your browsers. Click on Start / Run, Enter the following command:

firefox -safe-mode

Click Continue In Safe Mode. This starts Firefox in its Safe Mode. While you are in Safe Mode, your settings will be reverted back to their defaults. Tell me if any popups appear.

If yes, go to next step.

Keep going to firefox in Safe Mode.

In the open window, check the following boxes.

Disable all add-ons
Reset Toolbars and Controls
Reset all your user preferences to FireFox Defaults
Restore Default Search Engines.

Click on "Make the changes and restart" Then, start your FF to test if you run across any popups.

If the problem still persists, you are well advised to remove it completely, including add-ons, profile data and directories, and install a new one, but you can back up your bookmarks from Here if you don't know how. For more info:

http://kb.mozillazine.org/Uninstalling_Firefox

http://wvistathemes.com/windows/completely...nstall-firefox/

http://www.mozilla.com/en-US/firefox/ie.html


In your next reply, please post back:

1.OTL delete log

Tell me how things are going now.

#9 imazephed

  • Topic Starter
  • Members
  • 48 posts

Posted 07 October 2009 - 06:37 PM

Sundavis, this is the OTL report you asked to see.

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes

User: Led Zeppelin
->Temp folder emptied: 0 bytes
->Java cache emptied: 88688375 bytes
File delete failed. C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 102591440 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: ReleaseEngineer.MACROVISION

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\mcafee_hsS4BbCQtZyZHKJ scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_jzNw1cfTKiGHmWd scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_4Y9rpN9y7zuxZao scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_frYJ7lokAf43ugL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_KqYfOKpa0QWphNu scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_KTYS6KcLPgLGdCB scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_2w8kfqHBxGAsWjr scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_AHmqDXcRbQF2Waw scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_kv6XZBrVrDwheog scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_YHf5FJUlCpHxfWb scheduled to be deleted on reboot.
Windows Temp folder emptied: 26583 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182.44 mb


OTL by OldTimer - Version 3.0.18.4 log created on 10072009_155507

Files\Folders moved on Reboot...
C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Led Zeppelin\AppData\Local\Mozilla\Firefox\Profiles\rp9tpbev.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\Windows\temp\mcafee_hsS4BbCQtZyZHKJ not found!
File\Folder C:\Windows\temp\mcafee_jzNw1cfTKiGHmWd not found!
File\Folder C:\Windows\temp\mcmsc_4Y9rpN9y7zuxZao not found!
File\Folder C:\Windows\temp\mcmsc_frYJ7lokAf43ugL not found!
File\Folder C:\Windows\temp\mcmsc_KqYfOKpa0QWphNu not found!
File\Folder C:\Windows\temp\mcmsc_KTYS6KcLPgLGdCB not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
C:\Windows\temp\sqlite_2w8kfqHBxGAsWjr moved successfully.
C:\Windows\temp\sqlite_AHmqDXcRbQF2Waw moved successfully.
File\Folder C:\Windows\temp\sqlite_kv6XZBrVrDwheog not found!
File\Folder C:\Windows\temp\sqlite_YHf5FJUlCpHxfWb not found!

Registry entries deleted on Reboot...

When I did the Check Disk it came up fine, not one error. I had no problem resetting my DNS. Then I did as you asked and started Firefox in safe mode and the pop ups were still there, so I did it again, this time checking the boxes you instructed me to check, and still pop ups. So I did what you said to do next and backed up my favorites and stored passwords, then completely removed Firefox, even going and deleting the left-behind registry keys, then rebooted and reinstalled Firefox, and the pop ups are still there. I must have some sort of new critter on my machine. It does seem to be running smoother since you walked me through clean up/maintenance. I truly appreciate the help but it looks like if I want to get rid of these pop ups I will need to blow the drive away and do a fresh install, and I don't feel like doing that to be honest. I will just deal with this until it gets unbearable. Again, thank you for your knowledgeable help. If you have any other ideas feel free to let me know; I will try anything.


Thank you
Jason

#10 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 October 2009 - 07:48 PM

Hi imazephed,



What kind of popups? Can you make a screenshot when it prompts? How is your IE performing? Any popups while surfing with Internet Explorer? Advise me in your next round.

It seemed that you have uninstalled McAfee from your system. Without any protection, it's somewhat suicidal in this digital world nowadays. You're well advised to install a free one.

AntiVir Free Edition


Step1

I notice you have MBAM installed in your system, Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step2

Disable the real-time protections of your antivirus and antispyware applications, usually via a right-click on the System Tray icon. Please re-enable them after the scan.
  • Download ToolBarSD and Save it to your Desktop.
  • Double-click ToolBarSD.exe to run it.
  • Type the letter of your chosen language and press Enter
  • Click OK to the prompt.
  • Type 1 and press Enter
  • Please post the log, TB.txt, which it creates at C:\TB.txt in your next reply.
Step3

Please go to Here and Download System Repair Engine by smallfrogs

  • Extract it to Desktop & double click SREng.exe to run it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button
  • Before scanning the computer, Close all browsers and other programs except SREng.
  • When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.


In your next reply, please post back:

1.MBAM log
2.TB.txt
3.SREng log Thanks

#11 imazephed

  • Topic Starter
  • Members
  • 48 posts

Posted 07 October 2009 - 10:11 PM

Sundavis, I have McAfee but it's out of date. I will buy something and install it, probably Norton 10. I updated MBAM and ran a scan; here is the log.

Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 6.0.6002 Service Pack 2

10/7/2009 9:58:32 PM
mbam-log-2009-10-07 (21-58-32).txt

Scan type: Quick Scan
Objects scanned: 100554
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I ran ToolBarSD and this is the log:



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 4300 @ 1.80GHz )
BIOS : Default System BIOS
USER : Led Zeppelin ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:288 Go (Free:69 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (Local Disk) - NTFS - Total:931 Go (Free:133 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( Wed 10/07/2009|22:03 )

[ UAC => 0 ]

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Searching for other infections

This is the System Repair Engine by smallfrogs log


2009-10-07,22:12:46

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition Service Pack 2 (Build 6002) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ehTray.exe><C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
	<ISUSPM><"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler>  [(Verified)Macrovision Corporation]
	<SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe>  [(Verified)SuperAdBlocker.com]
	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)Google Inc]
	<IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020>  [File is missing]
	<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
	<HDDHealth><C:\Program Files\HDD Health\hddhealth.exe -wl>  [PANTERASoft]
	<AOL Fast Start><"C:\Program Files\AOL 9.0a\AOL.EXE" -b>  [(Verified)AOL LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
	<CHotkey><zHotkey.exe>  []
	<ShowWnd><ShowWnd.exe>  []
	<ModPS2><ModPS2Key.exe>  [Chicony]
	<mcagent_exe><C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey>  [(Verified)"McAfee, Inc."]
	<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
	<IgfxTray><C:\Windows\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<HotKeysCmds><C:\Windows\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Persistence><C:\Windows\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NBKeyScan><"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [(Verified)Nero AG]
	<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<SigmatelSysTrayApp><sttray.exe>  [SigmaTel, Inc.]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll>  [Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\System32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{03F5D01C-F7DB-4F1A-9389-BF06ECDE5D44}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<N/A><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[NaturalColorLoad]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[NaturalColorLoad]
  <C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[NaturalColorLoad]
  <C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[Adobe Gamma Loader]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[NaturalColorLoad]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>

==================================
Services
[Intel(R) Alert Service / AlertService][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"><Intel(R) Corporation>
[AOL Connectivity Service / AOL ACS][Running/Auto Start]
  <"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"><AOL LLC>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[DQLWinService / DQLWinService][Running/Auto Start]
  <"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"><>
[McAfee E-mail Proxy / Emproxy][Stopped/Manual Start]
  <C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[FNWPMR / FNWPMR][Stopped/Manual Start]
  <C:\Users\LEDZEP~1\AppData\Local\Temp\FNWPMR.exe><(File is missing)>
[Google Desktop Manager 5.5.709.30344 / GoogleDesktopManager-093007-112848][Stopped/Manual Start]
  <"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
[Google Update Service (gupdate1ca163962adda23) / gupdate1ca163962adda23][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Software Updater / gusvc][Stopped/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Intel(R) Software Services Manager / ISSM][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe"><Intel(R) Corporation>
[Intel(R) Viiv(TM) Media Server / M1 Server][Stopped/Manual Start]
  <C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe><N/A>
[McAfee HackerWatch Service / McAfee HackerWatch Service][Running/Auto Start]
  <"C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[Intel(R) Application Tracker / MCLServiceATL][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe"><Intel(R) Corporation>
[McAfee Services / mcmscsvc][Running/Auto Start]
  <C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc][Running/Auto Start]
  <"c:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS][Running/Auto Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Proxy Service / McProxy][Running/Auto Start]
  <c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector][Running/Auto Start]
  <c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield][Paused/Auto Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon][Stopped/Manual Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService][Running/Auto Start]
  <"C:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[McAfee Privacy Service / MPS9][Running/Auto Start]
  <C:\PROGRA~1\McAfee\MPS\mps.exe><McAfee, Inc.>
[McAfee SpamKiller Service / MSK80Service][Running/Auto Start]
  <"C:\Program Files\McAfee\MSK\MskSrver.exe"><McAfee Inc.>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]
  <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[Net Driver HPZ12 / Net Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[PrismXL / PrismXL][Running/Auto Start]
  <C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>
[Intel(R) Remoting Service / Remote UI Service][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"><Intel(R) Corporation>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>
[XBaseMS-Service / XBaseMS-Service][Running/Auto Start]
  <C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe><Transaction Software, D 81737 Munich>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[catchme / catchme][Stopped/Manual Start]
  <\??\C:\Users\LEDZEP~1\AppData\Local\Temp\catchme.sys><N/A>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWBS2 / HSXHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSXHWBS2.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[Intel RAID Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Running/Boot Start]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Running/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IntelDH Driver / IntelDH][Running/Manual Start]
  <System32\Drivers\IntelDH.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSWEEP2 / MEMSWEEP2][Stopped/Manual Start]
  <\??\C:\Windows\system32\E089.tmp><N/A>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk][Stopped/Manual Start]
  <system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk][Stopped/Manual Start]
  <system32\drivers\mfesmfk.sys><McAfee, Inc.>
[MPFP / MPFP][Running/System Start]
  <System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[MREMP50 NDIS Protocol Driver / MREMP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MREMP50a64 NDIS Protocol Driver / MREMP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS><N/A>
[MRESP50 NDIS Protocol Driver / MRESP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MRESP50a64 NDIS Protocol Driver / MRESP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS><N/A>
[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista / NETw2v32][Stopped/Manual Start]
  <system32\DRIVERS\NETw2v32.sys><Intel® Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[GoProto Protocol Driver for NMS / nmsgopro][Running/Auto Start]
  <system32\DRIVERS\nmsgopro.sys><Gteko Ltd.>
[UniDriver for NMS / nmsunidr][Running/Auto Start]
  <system32\DRIVERS\nmsunidr.sys><Gteko Ltd.>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[pavboot / pavboot][Running/Boot Start]
  <\SystemRoot\system32\drivers\pavboot.sys><Panda Security, S.L.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Running/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SuperAdBlocker, Inc.>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SDDMI2 / SDDMI2][Stopped/Manual Start]
  <\??\C:\Windows\system32\DDMI2.sys><N/A>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\stwrt.sys><SigmaTel, Inc.>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TSHWMDTCP / TSHWMDTCP][Stopped/Manual Start]
  <\??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys><N/A>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
  <system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, (Signed) McAfee, Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[]
  {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BDSCANONLINE Control]
  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\Windows\DOWNLO~1\oscan82.ocx, BitDefender>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[a-squared Scanner]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\Windows\DOWNLO~1\asquared.ocx, (Signed) Emsi Software GmbH>
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[]
  {01895BDB-00E4-491E-A0A9-47E5E815BEC2} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {35B207D6-02F3-4109-B346-7C3AF36EC39F} <, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, (Signed) McAfee, Inc.>
[]
  {85D1F590-48F4-11D9-9669-0800200C9A66} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>
[]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D920E924-46CC-4D2E-843B-C14AB51A1BCF} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>

==================================
Running Processes
[PID: 420 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 556 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 592 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 612 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 644 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 656 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 664 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 728 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 860 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 920 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1056 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1120 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1132 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1212 / LOCAL SERVICE][C:\Windows\system32\AUDIODG.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1240 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1264 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 1304 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1472 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1784 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\hpzlllhn.dll]  [Hewlett-Packard Company, 61.053.25.9]
	[C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll]  [Hewlett-Packard Corporation, 61.053.25.9]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1836 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1848 / Led Zeppelin][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1856 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1960 / Led Zeppelin][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1992 / Led Zeppelin][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\igfxTMM.dll]  [, 1, 0, 0, 1]
[PID: 548 / Led Zeppelin][C:\Windows\zHotkey.exe]  [, 3, 0, 0, 10]
[PID: 600 / Led Zeppelin][C:\Windows\ModPS2Key.exe]  [Chicony, 4, 2, 0, 0]
[PID: 692 / Led Zeppelin][C:\Program Files\McAfee.com\Agent\mcagent.exe]  [McAfee, Inc., 8,0,237,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\McAfee.com\Agent\mcagntps.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mccfgpv.dll]  [McAfee, Inc., 8,1,133,0]
[PID: 660 / Led Zeppelin][C:\Windows\System32\igfxtray.exe]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\hccutils.DLL]  [N/A, ]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\igfxres.dll]  [Intel Corporation, 7.14.10.1409]
	[C:\Windows\System32\igfxress.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 868 / Led Zeppelin][C:\Windows\System32\hkcmd.exe]  [Intel Corporation, 6.14.10.1147]
	[C:\Windows\System32\hccutils.DLL]  [N/A, ]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\igfxres.dll]  [Intel Corporation, 7.14.10.1409]
[PID: 1012 / Led Zeppelin][C:\Windows\System32\igfxpers.exe]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 1072 / Led Zeppelin][C:\Program Files\HP\HP Software Update\hpwuSchd2.exe]  [Hewlett-Packard Co., 82.0.173.000]
[PID: 1492 / Led Zeppelin][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.5.5 (990.7)]
	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 185.11.0.10]
[PID: 1628 / Led Zeppelin][C:\Windows\sttray.exe]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
	[C:\Windows\system32\STLang.dll]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
	[C:\Windows\system32\stapi32.dll]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
[PID: 1380 / Led Zeppelin][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
[PID: 2056 / Led Zeppelin][C:\Windows\ehome\ehtray.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 2064 / Led Zeppelin][C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe]  [Macrovision Corporation, 6, 0, 100, 54472]
[PID: 2072 / Led Zeppelin][C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE]  [SUPERAntiSpyware.com, 4, 29, 0, 1002]
	[C:\Program Files\SUPERAntiSpyware\deupx.dll]  [SuperAntiSpyware.com, 1, 0, 0, 2]
	[C:\Users\Led Zeppelin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL]  [N/A, ]
[PID: 2080 / Led Zeppelin][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\gtn.dll]  [Google Inc., 5, 3, 4501, 1418]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll]  [Google Inc., 5, 3, 4501, 1418]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 2120 / Led Zeppelin][C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\NMSQLDB.dll]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\NMLogCxx.dll]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\log4cxx.dll]  [Nero AG, 1, 0, 1, 0]
[PID: 2128 / Led Zeppelin][C:\Program Files\Windows Media Player\wmpnscfg.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 2300 / Led Zeppelin][C:\Windows\ehome\ehmsas.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2376 / Led Zeppelin][C:\Program Files\HDD Health\hddhealth.exe]  [PANTERASoft, 3.3.0.220]
[PID: 2412 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Co., 82.0.173.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll]  [Hewlett-Packard Co., 82.0.174.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll]  [Hewlett-Packard Co., 82.0.174.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
[PID: 2428 / Led Zeppelin][C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe]  [, 2, 0, 1, 1]
	[C:\Program Files\SEC\Natural Color\LowCMS.dll]  [, 1, 0, 0, 1]
	[C:\Program Files\SEC\Natural Color\MFC42D.DLL]  [Microsoft Corporation, 6.00.8665.0]
	[C:\Program Files\SEC\Natural Color\MSVCRTD.dll]  [Microsoft Corporation, 6.00.8797.0]
	[C:\Program Files\SEC\Natural Color\MFCO42D.DLL]  [Microsoft Corporation, 6.00.8665.0]
[PID: 2460 / Led Zeppelin][C:\Program Files\AOL 9.0a\waol.exe]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\AOL 9.0a\waol.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\supersub.dll]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AOL 9.0a\xprt5.dll]  [AOL LLC, 5.2.4.5154]
	[C:\Program Files\AOL 9.0a\coolcore46.dll]  [AOL LLC, 4.6.6.5154]
	[C:\Program Files\AOL 9.0a\zlib.dll]  [, 1.1.4]
	[C:\Program Files\AOL 9.0a\xmlparse.dll]  [N/A, ]
	[C:\Program Files\AOL 9.0a\xmltok.dll]  [N/A, ]
	[C:\Program Files\AOL 9.0a\comm.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\manager.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\SYNCCORE.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\ProxyMgr.dll]  [AOL LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\APPDATA.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\acfBase.DLL]  [America Online, 1, 0, 0, 1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLSvcMgr.dll]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\AOL 9.0a\resource.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\AOL 9.0a\TOOL\imfdecode.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\coretool.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\DUNZIP32.dll]  [Inner Media, Inc., 4.00.04]
	[C:\Program Files\AOL 9.0a\TOOL\mip.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\ABOOK.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\rich.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\actvx.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\sec.cct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\chat.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\htmlview.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\www.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\lvi.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\COOLAPI.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\idleproc.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\talk.tol]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\jgpl400.dll]  [Johnson-Grace Company, 054]
	[C:\Windows\system32\jgdw400.dll]  [America Online, 106]
	[C:\Windows\system32\igdumd32.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 2688 / Led Zeppelin][C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\xprt5.dll]  [AOL LLC, 5.2.3.5014]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLSvcMgr.dll]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLHostMgr.dll]  [America Online, Inc., 1.5.6.1]
	[c:\program files\common files\aol\1186805682\ee\services\os\ver5_2_1_1\OS.dll]  [AOL LLC, 5.2.1.1]
	[c:\program files\common files\aol\1186805682\ee\services\os\ver5_2_1_1\AOLIdleMon.dll]  [AOL LLC, 5.2.1.1]
	[c:\program files\common files\aol\1186805682\ee\services\basics\ver8_0_4_1\basics.dll]  [America Online, Inc., 8.0.4.1]
	[c:\program files\common files\aol\1186805682\ee\services\notification\ver6_2_6_1\Notify.dll]  [America Online, Inc., 6.2.6.1]
	[c:\program files\common files\aol\1186805682\ee\services\localStorage\ver7_1_5_2\clsSvc.dll]  [AOL LLC, 7.1.5.2]
	[c:\program files\common files\aol\1186805682\ee\services\metrics\ver3_6_15_1\cmls.dll]  [America Online, Inc., 3.6.15.1]
	[c:\program files\common files\aol\1186805682\ee\services\aolsystrayservice\ver3_0_11_1\AOLSysTrayService.dll]  [AOL LLC, 3.0.11.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\program files\common files\aol\1186805682\ee\services\suiteFramework\ver3_1_3_1\suiteFramework.dll]  [America Online, Inc., 3.1.3.1]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 2900 / SYSTEM][C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe]  [AOL LLC, 4.6.1.2			  ]
	[C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\xpat.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll]  [AOL LLC, 4.6.61.1			 ]
[PID: 2932 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.12.33.0]
[PID: 2944 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,5,11]
[PID: 2984 / SYSTEM][C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe]  [, 1, 0, 0, 8]
	[C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\nmsmc.dll]  [Gteko Ltd., 1, 0, 0, 9]
[PID: 3156 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 120.0.214.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
[PID: 3172 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe]  [Intel Corporation, 6.2.1.1005]
[PID: 3212 / SYSTEM][C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe]  [McAfee, Inc., 8.3.105.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 3248 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll]  [McAfee, Inc., 11,2,121,0]
[PID: 3272 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe]  [McAfee, Inc., 1,2,138,0]
	[c:\PROGRA~1\mcafee\msk\mcadaptr.dll]  [McAfee Inc., 8.2.137.0]
	[c:\PROGRA~1\mcafee\mps\mpsppm.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msk\mskp3plg.dll]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll]  [McAfee, Inc., 1,3,109,0]
	[c:\PROGRA~1\mcafee\msk\McAPFilt.dll]  [McAfee Inc., 8.2.134.0]
	[c:\PROGRA~1\mcafee\msk\MSKSet.dll]  [McAfee Inc., 8.2.125.0]
[PID: 3368 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe]  [McAfee, Inc., 1,3,109,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
	[c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll]  [McAfee, Inc., 1,3,109,0]
[PID: 3404 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll]  [McAfee, Inc., VSCORE.13.3.2.116]
	[C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll]  [McAfee, Inc., 11,2,127,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll]  [McAfee, Inc., 11,2,127,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll]  [McAfee, Inc., 11,2,134,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll]  [McAfee, Inc., 11,2,121,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
[PID: 3520 / SYSTEM][C:\Program Files\McAfee\MPF\MPFSrv.exe]  [McAfee, Inc., 8.2.122.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll]  [McAfee, Inc., 8.2.118.0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\McAfee\MPF\L10N.DLL]  [McAfee Security, 8.2.118.0]
[PID: 3600 / SYSTEM][C:\PROGRA~1\McAfee\MPS\mps.exe]  [McAfee, Inc., 9.2.134.0]
	[C:\Windows\system32\Dunzip32.dll]  [Inner Media, Inc., 5.00.06]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
[PID: 3660 / SYSTEM][C:\Program Files\McAfee\MSK\MskSrver.exe]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\mcafee\msk\mskengn.dll]  [McAfee Inc., 8.2.139.0]
	[c:\PROGRA~1\mcafee\msk\mskwm.dll]  [McAfee Inc., 8.2.125.0]
	[C:\Program Files\McAfee\MSK\MSKSet.dll]  [McAfee Inc., 8.2.125.0]
[PID: 3736 / SYSTEM][C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll]  [Nero AG, 8.1.3.0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll]  [Nero AG, 3, 1, 0, 0]
[PID: 3920 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,2,54]
[PID: 4004 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,2,54]
[PID: 4060 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4080 / Led Zeppelin][C:\Program Files\McAfee\MPS\mpsevh.exe]  [McAfee, Inc., 9.2.134.0]
	[C:\PROGRA~1\McAfee\MSC\McAltLib.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\mcafee\mps\mpsmisp.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
[PID: 1096 / SYSTEM][C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS]  [New Boundary Technologies, Inc., 5.0]
[PID: 564 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 916 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3304 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.00.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 820 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.00]
[PID: 1436 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 2756 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\polycsr.dll]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 3784 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\polycsr.dll]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 4148 / LOCAL SERVICE][C:\Windows\system32\WUDFHost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4328 / Led Zeppelin][C:\Program Files\AOL 9.0a\shellmon.exe]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 5768 / SYSTEM][C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe]  [McAfee, Inc., 8,1,159,0]
	[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\8_1_11~1\McUtil.dll]  [McAfee, Inc., 8,1,114,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll]  [McAfee, Inc., 8,1,125,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcdbmgr.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll]  [McAfee, Inc., 8.2.118.0]
	[C:\Program Files\McAfee\MPF\L10N.DLL]  [McAfee Security, 8.2.118.0]
	[c:\PROGRA~1\mcafee\msk\mskmisp.dll]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\mcafee\mps\mpsmisp.dll]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\McAfee\MPS\MpsRes.DLL]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\McAfee\MSC\mcprotpv.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcRes.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McProHlp.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcregobj\8_0_22~1\mcregobj.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll]  [McAfee, Inc., 11,2,134,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\Program Files\McAfee\MSC\mcdemenu.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscp.dll]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\msc\mcuicfg.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mccfgpv.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\mps\mpsver.dll]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\COMMON~1\mcafee\mcproxy\proxyver.dll]  [McAfee, Inc., 1,2,138,0]
	[c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirver.dll]  [McAfee, Inc., 1,3,109,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll]  [McAfee, Inc., 11,2,132,0]
	[c:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll]  [McAfee, Inc., 11,2,206,0]
	[c:\PROGRA~1\mcafee\msc\mcmscver.dll]  [McAfee, Inc., 8,1,136,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcver.dll]  [McAfee, Inc., 2,0,115,0]
	[c:\PROGRA~1\mcafee\mqc\qcmisp.dll]  [McAfee, Inc., 8,1,106,0]
	[c:\PROGRA~1\mcafee\mqc\QcLite.dll]  [McAfee, Inc., 8,1,106,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcprv.dll]  [McAfee, Inc., 2,1,151,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll]  [McAfee, Inc., 2,0,115,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll]  [McAfee, Inc., 8.2.118.0]
[PID: 6024 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 1420 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 8.0.2.20]
[PID: 4400 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 3484 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Windows\system32\hpzipr12.dll]  [Hewlett-Packard, 12,1,2,54]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 120.0.214.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 560 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe]  [Hewlett-Packard Co., 120.0.4.000]
[PID: 4672 / SYSTEM][c:\program files\common files\mcafee\mna\mcnasvc.exe]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\8_1_11~1\McUtil.dll]  [McAfee, Inc., 8,1,114,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll]  [McAfee, Inc., 2,0,115,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll]  [McAfee, Inc., 8.2.118.0]
	[c:\PROGRA~1\mcafee\msc\mcregobj\8_0_22~1\mcregobj.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcmismgr.dll]  [McAfee, Inc., 8,1,149,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll]  [McAfee, Inc., 2,1,143,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcRes.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll]  [McAfee, Inc., 2,1,151,0]
[PID: 368 / Led Zeppelin][c:\PROGRA~1\mcafee\msc\mcuimgr.exe]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
[PID: 296 / Led Zeppelin][C:\Users\Led Zeppelin\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 4832 / Led Zeppelin][C:\Users\Led Zeppelin\Desktop\SREdf9c0eae.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Users\Led Zeppelin\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
˙ţ1

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Google Software Updater
		C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start
[Enabled] \\GoogleUpdateTaskMachineCore
		C:\Program Files\Google\Update\GoogleUpdate.exe /c
[Enabled] \\GoogleUpdateTaskMachineUA
		C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[Enabled] \\McDefragTask
		c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\Windows\system32\defrag.exe" C: -f
[Enabled] \\McQcTask
		c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0
[Enabled] \\{188406B8-0620-4B90-86DA-A2D351A1297E}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe" -d "C:\Program Files\Mozilla Firefox"
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
		N/A 
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
		N/A 
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe -c
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe -c -i
[Enabled] \Microsoft\Windows\Media Center\ehDRMInit
		%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Enabled] \Microsoft\Windows\Media Center\mcupdate
		%SystemRoot%\ehome\mcupdate $(Arg0) -gc
[Enabled] \Microsoft\Windows\Media Center\OCURActivate
		%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Enabled] \Microsoft\Windows\Media Center\OCURDiscovery
		%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[Enabled] \Microsoft\Windows\Media Center\UpdateRecordPath
		%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Disabled] \Microsoft\Windows\SideShow\AutoWake
		N/A 
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
Windows Security Update Check
 Office Live add-in 1.4 
KB949810,  Office Genuine Advantage Notifications (KB949810) 
KB949810,  Windows Live Essentials 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

I will be PMing you the screenshots, and I do get them in IE on the same page.

Edited by imazephed, 07 October 2009 - 10:16 PM.


#12 sundavis

  • Malware Response Team

Posted 08 October 2009 - 03:33 AM

Hi imazephed,



Your Hosts file was hijacked, and even though we have reset it, it was to no avail. We need to redo it and check it manually. Please be patient and do the following:

Step1

Please run SREng > click Boot Items > click the Services menu > press the Drivers button. Locate and click the following service name entry.

[MEMSWEEP2 / MEMSWEEP2][Stopped/Manual Start]
<\??\C:\Windows\system32\E089.tmp><N/A>


Check the Delete Service button, click the Set button in the right pane, follow the prompt, and click the "NO" button to delete the service. Exit the program.


Step2

Start HijackThis, click Config > Misc Tools > Delete a file on reboot > copy/paste C:\Windows\system32\E089.tmp into the file name box, then click "open" and "yes" at the prompt window.

Now you will reboot your PC.


Step3

Please open System Repair Engine

  • Click your SREng.exe and run it
  • Click System Repair in the left pane.
  • Click on the Hosts File tab
  • Press reset button, and click Yes to the prompt window.
  • Click save button in the right bottom corner. Exit the program and restart it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button. When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.

After that, we need to check it manually. Please do the following:

1) Browse to Start -> All Programs -> Accessories
2) Right click "Notepad" and select "Run as administrator"
3) Click "Continue" on the UAC prompt
4) Click File -> Open
5) Browse to "C:\Windows\System32\Drivers\etc"
6) Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7) Select "hosts" and click "Open"
8) Please check whether the contents of the Hosts file are exactly the same as the following:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost



In your next reply, please post back:

1. SREng log

Tell me how things went.

Edited by sundavis, 08 October 2009 - 03:34 AM.
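
As an added example (not part of sundavis's post, and not code from SREng or HijackThis), this Python script performs the step 8 comparison: it parses a hosts file and reports every active mapping that differs from the Vista default quoted above. The function names, sample file contents and host names are constructed for illustration.

```python
"""Audit a hosts file against the Windows Vista default quoted in the post."""
import ipaddress
import os
import sys

# The only active (non-comment) mappings in the default file shown in the post.
DEFAULT_MAPPINGS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample inputs (not taken from the thread). Host names use the
# reserved .example TLD; the address is from the 203.0.113.0/24 documentation range.
DEFAULT_SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
::1 localhost
"""

TAMPERED_SAMPLE = """\
# constructed example of a modified hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # inline comments are ignored
0.0.0.0         scan.av-vendor.example
203.0.113.10    www.search.example login.search.example
not-an-ip       something.example
"""


def parse_hosts(text):
    """Return (mappings, malformed) for the active lines of a hosts file.

    mappings is a list of (line_number, ip, hostname); a line that names
    several hosts yields one tuple per host. Comment text is ignored because
    it has no effect on name resolution.
    """
    mappings, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name after it
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            mappings.append((lineno, str(ip), name.lower()))
    return mappings, malformed


def audit_hosts(text):
    """Compare the active mappings with DEFAULT_MAPPINGS and classify extras."""
    mappings, malformed = parse_hosts(text)
    seen = {(ip, name) for _, ip, name in mappings}
    findings = []
    for lineno, ip, name in mappings:
        if (ip, name) in DEFAULT_MAPPINGS:
            continue
        addr = ipaddress.ip_address(ip)
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # sends traffic for that name to a host chosen by the file's editor.
        kind = "blackholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append({"line": lineno, "ip": ip, "host": name, "kind": kind})
    missing = sorted(DEFAULT_MAPPINGS - seen)
    return {
        "findings": findings,
        "missing": missing,
        "malformed": malformed,
        "matches_default": not findings and not missing and not malformed,
    }


def format_report(result):
    """Turn an audit result into printable lines."""
    lines = []
    for f in result["findings"]:
        lines.append(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
    for ip, host in result["missing"]:
        lines.append(f"missing default entry: {ip} {host}")
    for lineno, raw in result["malformed"]:
        lines.append(f"line {lineno}: cannot parse: {raw}")
    if result["matches_default"]:
        lines.append("hosts file matches the default mappings")
    return lines


if __name__ == "__main__":
    default_path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                                "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default_path
    with open(path, encoding="utf-8", errors="replace") as handle:
        report = audit_hosts(handle.read())
    print("\n".join(format_report(report)))
    sys.exit(0 if report["matches_default"] else 1)
```

Run it from an elevated prompt with no argument to read the live hosts file, or pass a path to a saved copy; a non-zero exit status means the file differs from the default mappings.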


#13 imazephed

  • Topic Starter

Posted 08 October 2009 - 06:14 PM

Sundavis, I did as you asked and all went as you said it would. This is the System Repair Engine log:

2009-10-08,17:41:59

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition Service Pack 2 (Build 6002) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ehTray.exe><C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
	<ISUSPM><"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler>  [(Verified)Macrovision Corporation]
	<SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe>  [(Verified)SuperAdBlocker.com]
	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)Google Inc]
	<IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020>  [File is missing]
	<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
	<HDDHealth><C:\Program Files\HDD Health\hddhealth.exe -wl>  [PANTERASoft]
	<AOL Fast Start><"C:\Program Files\AOL 9.0a\AOL.EXE" -b>  [(Verified)AOL LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
	<CHotkey><zHotkey.exe>  []
	<ShowWnd><ShowWnd.exe>  []
	<ModPS2><ModPS2Key.exe>  [Chicony]
	<mcagent_exe><C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey>  [(Verified)"McAfee, Inc."]
	<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
	<IgfxTray><C:\Windows\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<HotKeysCmds><C:\Windows\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Persistence><C:\Windows\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NBKeyScan><"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [(Verified)Nero AG]
	<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<SigmatelSysTrayApp><sttray.exe>  [SigmaTel, Inc.]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll>  [Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\System32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{03F5D01C-F7DB-4F1A-9389-BF06ECDE5D44}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<N/A><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[NaturalColorLoad]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[NaturalColorLoad]
  <C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[NaturalColorLoad]
  <C:\Users\Led Zeppelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>
[Adobe Gamma Loader]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[NaturalColorLoad]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk --> C:\PROGRA~1\SEC\NATURA~1\NATURA~1.EXE []><N>

==================================
Services
[Intel(R) Alert Service / AlertService][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"><Intel(R) Corporation>
[AOL Connectivity Service / AOL ACS][Running/Auto Start]
  <"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"><AOL LLC>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[DQLWinService / DQLWinService][Running/Auto Start]
  <"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"><>
[McAfee E-mail Proxy / Emproxy][Stopped/Manual Start]
  <C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[FNWPMR / FNWPMR][Stopped/Manual Start]
  <C:\Users\LEDZEP~1\AppData\Local\Temp\FNWPMR.exe><(File is missing)>
[Google Desktop Manager 5.5.709.30344 / GoogleDesktopManager-093007-112848][Stopped/Manual Start]
  <"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
[Google Update Service (gupdate1ca163962adda23) / gupdate1ca163962adda23][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Software Updater / gusvc][Running/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Intel(R) Software Services Manager / ISSM][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe"><Intel(R) Corporation>
[Intel(R) Viiv(TM) Media Server / M1 Server][Stopped/Manual Start]
  <C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe><N/A>
[McAfee HackerWatch Service / McAfee HackerWatch Service][Running/Auto Start]
  <"C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[Intel(R) Application Tracker / MCLServiceATL][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe"><Intel(R) Corporation>
[McAfee Services / mcmscsvc][Running/Auto Start]
  <C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc][Running/Auto Start]
  <"c:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS][Running/Auto Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Proxy Service / McProxy][Running/Auto Start]
  <c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector][Running/Auto Start]
  <c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield][Running/Auto Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon][Stopped/Manual Start]
  <C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService][Running/Auto Start]
  <"C:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[McAfee Privacy Service / MPS9][Running/Auto Start]
  <C:\PROGRA~1\McAfee\MPS\mps.exe><McAfee, Inc.>
[McAfee SpamKiller Service / MSK80Service][Running/Auto Start]
  <"C:\Program Files\McAfee\MSK\MskSrver.exe"><McAfee Inc.>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]
  <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[Net Driver HPZ12 / Net Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[PrismXL / PrismXL][Running/Auto Start]
  <C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>
[Intel(R) Remoting Service / Remote UI Service][Stopped/Manual Start]
  <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"><Intel(R) Corporation>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>
[XBaseMS-Service / XBaseMS-Service][Running/Auto Start]
  <C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe><Transaction Software, D 81737 Munich>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[catchme / catchme][Stopped/Manual Start]
  <\??\C:\Users\LEDZEP~1\AppData\Local\Temp\catchme.sys><N/A>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWBS2 / HSXHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSXHWBS2.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[Intel RAID Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Running/Boot Start]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Running/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IntelDH Driver / IntelDH][Running/Manual Start]
  <System32\Drivers\IntelDH.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk][Stopped/Manual Start]
  <system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk][Stopped/Manual Start]
  <system32\drivers\mfesmfk.sys><McAfee, Inc.>
[MPFP / MPFP][Running/System Start]
  <System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[MREMP50 NDIS Protocol Driver / MREMP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MREMP50a64 NDIS Protocol Driver / MREMP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS><N/A>
[MRESP50 NDIS Protocol Driver / MRESP50][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[MRESP50a64 NDIS Protocol Driver / MRESP50a64][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS><N/A>
[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista / NETw2v32][Stopped/Manual Start]
  <system32\DRIVERS\NETw2v32.sys><Intel® Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[GoProto Protocol Driver for NMS / nmsgopro][Running/Auto Start]
  <system32\DRIVERS\nmsgopro.sys><Gteko Ltd.>
[UniDriver for NMS / nmsunidr][Running/Auto Start]
  <system32\DRIVERS\nmsunidr.sys><Gteko Ltd.>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[pavboot / pavboot][Running/Boot Start]
  <\SystemRoot\system32\drivers\pavboot.sys><Panda Security, S.L.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Running/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SuperAdBlocker, Inc.>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SDDMI2 / SDDMI2][Stopped/Manual Start]
  <\??\C:\Windows\system32\DDMI2.sys><N/A>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\stwrt.sys><SigmaTel, Inc.>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TSHWMDTCP / TSHWMDTCP][Stopped/Manual Start]
  <\??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys><N/A>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
  <system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, (Signed) McAfee, Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[]
  {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BDSCANONLINE Control]
  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\Windows\DOWNLO~1\oscan82.ocx, BitDefender>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[a-squared Scanner]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\Windows\DOWNLO~1\asquared.ocx, (Signed) Emsi Software GmbH>
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[]
  {01895BDB-00E4-491E-A0A9-47E5E815BEC2} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {35B207D6-02F3-4109-B346-7C3AF36EC39F} <, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, (Signed) McAfee, Inc.>
[]
  {85D1F590-48F4-11D9-9669-0800200C9A66} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>
[]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D920E924-46CC-4D2E-843B-C14AB51A1BCF} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>

==================================
Running Processes
[PID: 420 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 492 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 544 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 580 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 592 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 600 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 648 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 796 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 856 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 992 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1020 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1040 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1156 / LOCAL SERVICE][C:\Windows\system32\AUDIODG.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1184 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1208 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 1232 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1468 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1692 / Led Zeppelin][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1764 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\hpzlllhn.dll]  [Hewlett-Packard Company, 61.053.25.9]
	[C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll]  [Hewlett-Packard Corporation, 61.053.25.9]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1776 / Led Zeppelin][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1796 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1804 / Led Zeppelin][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\igfxTMM.dll]  [, 1, 0, 0, 1]
[PID: 1892 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 328 / Led Zeppelin][C:\Windows\zHotkey.exe]  [, 3, 0, 0, 10]
[PID: 352 / Led Zeppelin][C:\Windows\ModPS2Key.exe]  [Chicony, 4, 2, 0, 0]
[PID: 364 / Led Zeppelin][C:\Program Files\McAfee.com\Agent\mcagent.exe]  [McAfee, Inc., 8,0,237,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mccfgpv.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\Program Files\McAfee.com\Agent\mcagntps.dll]  [McAfee, Inc., 8,0,226,0]
[PID: 440 / Led Zeppelin][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe]  [Google, 5.0.611.10655]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 5.5.709.30344]
[PID: 428 / Led Zeppelin][C:\Windows\System32\igfxtray.exe]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\hccutils.DLL]  [N/A, ]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\igfxres.dll]  [Intel Corporation, 7.14.10.1409]
	[C:\Windows\System32\igfxress.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 528 / Led Zeppelin][C:\Windows\System32\hkcmd.exe]  [Intel Corporation, 6.14.10.1147]
	[C:\Windows\System32\hccutils.DLL]  [N/A, ]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\System32\igfxres.dll]  [Intel Corporation, 7.14.10.1409]
[PID: 784 / Led Zeppelin][C:\Windows\System32\igfxpers.exe]  [Intel Corporation, 7.14.10.1147]
	[C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 840 / Led Zeppelin][C:\Program Files\HP\HP Software Update\hpwuSchd2.exe]  [Hewlett-Packard Co., 82.0.173.000]
[PID: 1416 / Led Zeppelin][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.5.5 (990.7)]
	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 185.11.0.10]
[PID: 1660 / Led Zeppelin][C:\Windows\sttray.exe]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
	[C:\Windows\system32\STLang.dll]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
	[C:\Windows\system32\stapi32.dll]  [SigmaTel, Inc., 1.0.5274.0  nd532 cp1]
[PID: 1884 / Led Zeppelin][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
[PID: 1064 / Led Zeppelin][C:\Windows\ehome\ehtray.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1104 / Led Zeppelin][C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe]  [Macrovision Corporation, 6, 0, 100, 54472]
[PID: 964 / Led Zeppelin][C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE]  [SUPERAntiSpyware.com, 4, 29, 0, 1002]
	[C:\Program Files\SUPERAntiSpyware\deupx.dll]  [SuperAntiSpyware.com, 1, 0, 0, 2]
	[C:\Users\Led Zeppelin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL]  [N/A, ]
[PID: 1080 / Led Zeppelin][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\gtn.dll]  [Google Inc., 5, 3, 4501, 1418]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll]  [Google Inc., 5, 3, 4501, 1418]
[PID: 1848 / Led Zeppelin][C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\NMSQLDB.dll]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\NMLogCxx.dll]  [Nero AG, 3.1.2.0]
	[C:\Program Files\Common Files\Nero\Lib\log4cxx.dll]  [Nero AG, 1, 0, 1, 0]
[PID: 932 / Led Zeppelin][C:\Program Files\Windows Media Player\wmpnscfg.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 1464 / Led Zeppelin][C:\Program Files\HDD Health\hddhealth.exe]  [PANTERASoft, 3.3.0.220]
[PID: 2064 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Co., 82.0.173.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll]  [Hewlett-Packard Co., 82.0.174.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll]  [Hewlett-Packard Co., 82.0.174.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
[PID: 2072 / Led Zeppelin][C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe]  [, 2, 0, 1, 1]
	[C:\Program Files\SEC\Natural Color\LowCMS.dll]  [, 1, 0, 0, 1]
	[C:\Program Files\SEC\Natural Color\MFC42D.DLL]  [Microsoft Corporation, 6.00.8665.0]
	[C:\Program Files\SEC\Natural Color\MSVCRTD.dll]  [Microsoft Corporation, 6.00.8797.0]
	[C:\Program Files\SEC\Natural Color\MFCO42D.DLL]  [Microsoft Corporation, 6.00.8665.0]
[PID: 2096 / Led Zeppelin][C:\Program Files\AOL 9.0a\waol.exe]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\AOL 9.0a\waol.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\supersub.dll]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AOL 9.0a\xprt5.dll]  [AOL LLC, 5.2.4.5154]
	[C:\Program Files\AOL 9.0a\coolcore46.dll]  [AOL LLC, 4.6.6.5154]
	[C:\Program Files\AOL 9.0a\zlib.dll]  [, 1.1.4]
	[C:\Program Files\AOL 9.0a\xmlparse.dll]  [N/A, ]
	[C:\Program Files\AOL 9.0a\xmltok.dll]  [N/A, ]
	[C:\Program Files\AOL 9.0a\comm.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\manager.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\SYNCCORE.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\ProxyMgr.dll]  [AOL LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\APPDATA.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\acfBase.DLL]  [America Online, 1, 0, 0, 1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLSvcMgr.dll]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\AOL 9.0a\resource.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\AOL 9.0a\TOOL\imfdecode.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\coretool.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\DUNZIP32.dll]  [Inner Media, Inc., 4.00.04]
	[C:\Program Files\AOL 9.0a\TOOL\mip.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\ABOOK.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\rich.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\actvx.rct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\sec.cct]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\chat.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\htmlview.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\www.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\lvi.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\COOLAPI.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\idleproc.dll]  [AOL, LLC., 9.05.001]
	[C:\Program Files\AOL 9.0a\TOOL\talk.tol]  [AOL, LLC., 9.05.001]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Windows\system32\jgpl400.dll]  [Johnson-Grace Company, 054]
	[C:\Windows\system32\jgdw400.dll]  [America Online, 106]
	[C:\Windows\system32\igdumd32.dll]  [Intel Corporation, 7.14.10.1147]
[PID: 2384 / Led Zeppelin][C:\Windows\ehome\ehmsas.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2460 / Led Zeppelin][C:\Program Files\Common Files\AOL\1186805682\ee\aolsoftware.exe]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\xprt5.dll]  [AOL LLC, 5.2.3.5014]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLSvcMgr.dll]  [America Online, Inc., 1.5.6.1]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\AOLHostMgr.dll]  [America Online, Inc., 1.5.6.1]
	[c:\program files\common files\aol\1186805682\ee\services\os\ver5_2_1_1\OS.dll]  [AOL LLC, 5.2.1.1]
	[c:\program files\common files\aol\1186805682\ee\services\os\ver5_2_1_1\AOLIdleMon.dll]  [AOL LLC, 5.2.1.1]
	[c:\program files\common files\aol\1186805682\ee\services\basics\ver8_0_4_1\basics.dll]  [America Online, Inc., 8.0.4.1]
	[c:\program files\common files\aol\1186805682\ee\services\notification\ver6_2_6_1\Notify.dll]  [America Online, Inc., 6.2.6.1]
	[c:\program files\common files\aol\1186805682\ee\services\localStorage\ver7_1_5_2\clsSvc.dll]  [AOL LLC, 7.1.5.2]
	[c:\program files\common files\aol\1186805682\ee\services\metrics\ver3_6_15_1\cmls.dll]  [America Online, Inc., 3.6.15.1]
	[c:\program files\common files\aol\1186805682\ee\services\aolsystrayservice\ver3_0_11_1\AOLSysTrayService.dll]  [AOL LLC, 3.0.11.1]
	[C:\Program Files\Common Files\AOL\1186805682\ee\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\program files\common files\aol\1186805682\ee\services\suiteFramework\ver3_1_3_1\suiteFramework.dll]  [America Online, Inc., 3.1.3.1]
[PID: 2736 / SYSTEM][C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe]  [AOL LLC, 4.6.1.2			  ]
	[C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\xpat.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.10.1]
	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.6.61.1			 ]
	[C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll]  [AOL LLC, 4.6.61.1			 ]
[PID: 2752 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.12.33.0]
[PID: 2764 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,5,11]
[PID: 2796 / SYSTEM][C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe]  [, 1, 0, 0, 8]
	[C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\nmsmc.dll]  [Gteko Ltd., 1, 0, 0, 9]
[PID: 2908 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 120.0.214.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
[PID: 2924 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe]  [Intel Corporation, 6.2.1.1005]
[PID: 3024 / SYSTEM][C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe]  [McAfee, Inc., 8.3.105.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 3064 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll]  [McAfee, Inc., 11,2,121,0]
[PID: 3096 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe]  [McAfee, Inc., 1,2,138,0]
	[c:\PROGRA~1\mcafee\msk\mcadaptr.dll]  [McAfee Inc., 8.2.137.0]
	[c:\PROGRA~1\mcafee\mps\mpsppm.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msk\mskp3plg.dll]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll]  [McAfee, Inc., 1,3,109,0]
	[c:\PROGRA~1\mcafee\msk\McAPFilt.dll]  [McAfee Inc., 8.2.134.0]
	[c:\PROGRA~1\mcafee\msk\MSKSet.dll]  [McAfee Inc., 8.2.125.0]
[PID: 3156 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe]  [McAfee, Inc., 1,3,109,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll]  [McAfee, Inc., 1,3,109,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
[PID: 3188 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll]  [McAfee, Inc., VSCORE.13.3.2.116]
	[C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll]  [McAfee, Inc., 11,2,127,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll]  [McAfee, Inc., 11,2,127,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll]  [McAfee, Inc., 11,2,134,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll]  [McAfee, Inc., 11,2,127,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll]  [McAfee, Inc., 11,2,121,0]
	[C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll]  [McAfee, Inc., VSCORE.13.3.2.116.x86]
	[C:\Program Files\McAfee\VirusScan\mcscan32.dll]  [McAfee, Inc., 5.1.00]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
	[C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll]  [McAfee, Inc., SYSCORE.13.3.0.136.x86]
[PID: 3256 / SYSTEM][C:\Program Files\McAfee\MPF\MPFSrv.exe]  [McAfee, Inc., 8.2.122.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll]  [McAfee, Inc., 8.3.105.0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll]  [McAfee, Inc., 8.2.118.0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\McAfee\MPF\L10N.DLL]  [McAfee Security, 8.2.118.0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll]  [McAfee, Inc., 8.2.118.0]
[PID: 3324 / SYSTEM][C:\PROGRA~1\McAfee\MPS\mps.exe]  [McAfee, Inc., 9.2.134.0]
	[C:\Windows\system32\Dunzip32.dll]  [Inner Media, Inc., 5.00.06]
	[C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
[PID: 3348 / SYSTEM][C:\Program Files\McAfee\MSK\MskSrver.exe]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\mcafee\msk\mskengn.dll]  [McAfee Inc., 8.2.139.0]
	[c:\PROGRA~1\mcafee\msk\mskwm.dll]  [McAfee Inc., 8.2.125.0]
	[C:\Program Files\McAfee\MSK\MSKSet.dll]  [McAfee Inc., 8.2.125.0]
[PID: 3452 / SYSTEM][C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll]  [Nero AG, 8.1.3.0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll]  [Nero AG, 3, 1, 0, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll]  [Nero AG, 3, 1, 0, 0]
[PID: 3620 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,2,54]
[PID: 3680 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,2,54]
[PID: 3732 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3756 / SYSTEM][C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS]  [New Boundary Technologies, Inc., 5.0]
[PID: 3804 / Led Zeppelin][C:\Program Files\McAfee\MPS\mpsevh.exe]  [McAfee, Inc., 9.2.134.0]
	[C:\PROGRA~1\McAfee\MSC\McAltLib.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\mcafee\mps\mpsmisp.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
[PID: 3864 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3992 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4056 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.00.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 4080 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.00]
[PID: 1656 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1348 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\polycsr.dll]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 2480 / SYSTEM][C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\polycsr.dll]  [Transaction Software, D 81737 Munich, V5.3.1.19 (Build 129)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 2008 / LOCAL SERVICE][C:\Windows\system32\WUDFHost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2440 / Led Zeppelin][C:\Program Files\AOL 9.0a\shellmon.exe]  [AOL, LLC., 9.05.001]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1476 / Led Zeppelin][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.1.3]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.1.3]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.8]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.3.1]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.8]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.8]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.1.3]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.1.3]
	[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll]  [Google, 5.5.709.30344]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 5.5.709.30344]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 5.5.709.30344]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll]  [Google, 5.5.709.30344]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.1.3]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
[PID: 2848 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 2200 / SYSTEM][C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe]  [McAfee, Inc., 8,1,159,0]
	[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\8_1_11~1\McUtil.dll]  [McAfee, Inc., 8,1,114,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll]  [McAfee, Inc., 8,1,125,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[C:\Program Files\McAfee\MSC\mcmispps.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcdbmgr.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\McAfee.com\Agent\mcagntps.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\msc\mcmscver.dll]  [McAfee, Inc., 8,1,136,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll]  [McAfee, Inc., 8.2.118.0]
	[C:\Program Files\McAfee\MPF\L10N.DLL]  [McAfee Security, 8.2.118.0]
	[c:\PROGRA~1\mcafee\msk\mskmisp.dll]  [McAfee Inc., 8.2.125.0]
	[c:\PROGRA~1\mcafee\mps\mpsmisp.dll]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\mcafee\mps\mpsps.dll]  [McAfee, Inc., 9.2.134.0]
	[C:\Program Files\McAfee\MPS\MpsRes.DLL]  [McAfee, Inc., 9.2.134.0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll]  [McAfee, Inc., 11,2,121,0]
	[C:\Program Files\McAfee\MSC\mcprotpv.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcprv.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcRes.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll]  [McAfee, Inc., 2,1,151,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll]  [McAfee, Inc., 2,0,115,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll]  [McAfee, Inc., 11,2,134,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll]  [McAfee, Inc., 11,2,127,0]
	[c:\PROGRA~1\mcafee\msc\mcregobj\8_0_22~1\mcregobj.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll]  [McAfee, Inc., 8.2.118.0]
	[C:\Program Files\McAfee\MSC\mcdemenu.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McProHlp.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mvscp.dll]  [McAfee, Inc., 11,2,121,0]
	[c:\PROGRA~1\mcafee\msc\mcuicfg.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mccfgpv.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\mcafee\msk\MSKSet.dll]  [McAfee Inc., 8.2.125.0]
[PID: 596 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 8.0.2.20]
[PID: 4180 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 4524 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Windows\system32\hpzipr12.dll]  [Hewlett-Packard, 12,1,2,54]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 120.0.214.000]
	[C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstd08.dll]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqmfc10.dll]  [Hewlett-Packard Co., 120.0.194.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqstd08.rsc]  [Hewlett-Packard Co., 110.0.180.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqsoa08.dll]  [Hewlett-Packard Co., 110.0.180.000]
[PID: 4644 / Led Zeppelin][C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe]  [Hewlett-Packard Co., 120.0.4.000]
[PID: 5672 / Led Zeppelin][C:\Users\Led Zeppelin\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 5684 / Led Zeppelin][C:\Users\Led Zeppelin\Desktop\SREdf9c0eae.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Users\Led Zeppelin\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 5828 / SYSTEM][c:\program files\common files\mcafee\mna\mcnasvc.exe]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\8_1_11~1\McUtil.dll]  [McAfee, Inc., 8,1,114,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL]  [McAfee, Inc., 2,1,143,0]
	[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll]  [McAfee, Inc., 2,0,115,0]
	[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll]  [McAfee, Inc., 8.2.118.0]
	[c:\PROGRA~1\mcafee\msc\mcregobj\8_0_22~1\mcregobj.dll]  [McAfee, Inc., 8,0,226,0]
	[c:\PROGRA~1\mcafee\msc\mcmismgr.dll]  [McAfee, Inc., 8,1,149,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
	[c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll]  [McAfee, Inc., 8,1,133,0]
	[c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll]  [McAfee, Inc., 2,1,143,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcRes.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll]  [McAfee, Inc., 2,1,151,0]
	[C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll]  [McAfee, Inc., 2,1,151,0]
[PID: 6112 / Led Zeppelin][c:\PROGRA~1\mcafee\msc\mcuimgr.exe]  [McAfee, Inc., 8,0,226,0]
	[C:\Program Files\Common Files\McAfee\Core\mccoreps.dll]  [McAfee, Inc., 3,0,115,0]
	[c:\PROGRA~1\mcafee\msc\mcshllps.dll]  [McAfee, Inc., 8,1,133,0]
	[C:\PROGRA~1\McAfee\MSC\McRes.dll]  [McAfee, Inc., 8,0,226,0]
	[C:\PROGRA~1\McAfee\MSC\McLocRes.dll]  [McAfee, Inc., 8,1,153,0]
	[C:\Program Files\McAfee\MSC\oem\370-46\Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:\PROGRA~1\McAfee\MSC\Mccobres.dll]  [McAfee, Inc., 8,1,165,0]
[PID: 4132 / NETWORK SERVICE][C:\Windows\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost
::1			 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Google Software Updater
		C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start
[Enabled] \\GoogleUpdateTaskMachineCore
		C:\Program Files\Google\Update\GoogleUpdate.exe /c
[Enabled] \\GoogleUpdateTaskMachineUA
		C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[Enabled] \\McDefragTask
		c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\Windows\system32\defrag.exe" C: -f
[Enabled] \\McQcTask
		c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0
[Enabled] \\{188406B8-0620-4B90-86DA-A2D351A1297E}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mozilla Firefox\firefox.exe" -d "C:\Program Files\Mozilla Firefox"
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
		N/A 
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
		N/A 
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe -c
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe -c -i
[Enabled] \Microsoft\Windows\Media Center\ehDRMInit
		%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Enabled] \Microsoft\Windows\Media Center\mcupdate
		%SystemRoot%\ehome\mcupdate $(Arg0) -gc
[Enabled] \Microsoft\Windows\Media Center\OCURActivate
		%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Enabled] \Microsoft\Windows\Media Center\OCURDiscovery
		%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[Enabled] \Microsoft\Windows\Media Center\UpdateRecordPath
		%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Disabled] \Microsoft\Windows\SideShow\AutoWake
		N/A 
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
Windows Security Update Check
 Office Live add-in 1.4 
KB949810,  Office Genuine Advantage Notifications (KB949810) 
KB949810,  Windows Live Essentials 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

I followed your instructions, and this is what was in the hosts file:

127.0.0.1 localhost
::1 localhost

#14 sundavis


  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 08 October 2009 - 06:55 PM

Hi imazephed,


Looks better. Any more popups? Is everything back to working order?

#15 imazephed

  • Topic Starter

  • Members
  • 48 posts
  • Local time:06:40 AM

Posted 08 October 2009 - 07:21 PM

Pop ups are still there...:~(



