
trying to remove malware-malwarebytes access denied


  • This topic is locked
14 replies to this topic

#1 bradrx


Posted 20 September 2009 - 11:58 AM

OK,

Windows XP sp3

Here's the problem:
All search engine results take me to various other sites. Malwarebytes won't run. Sometimes regedit won't run. I downloaded Spyware Doctor and SUPERAntiSpyware; the first one runs but doesn't fix the problem, and the second one will not run now. It did one scan and now does not work. I have McAfee on the system. It was not updated, but is now.

I have Spyware Doctor and McAfee both running. Spyware Doctor will scan and find things like trojan-downloader agent, but the trojans come right back after it says they are removed. McAfee cannot scan.

After reviewing your site I tried to download and install Malwarebytes. It loaded, but the scan gets a few seconds in and then shuts down.

I'll take any help you can offer.

thanks,
Brad

Edited by bradrx, 20 September 2009 - 01:00 PM.




#2 boopme


Posted 20 September 2009 - 02:57 PM

Try disabling McAfee before running MBAM and SAS.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bradrx


Posted 20 September 2009 - 04:17 PM

Thanks for the response,

I tried everything in your post. It all worked fine except both Malwarebytes and RootRepeal ran for about 10 seconds and then shut down. I managed to get everything downloaded and at least they both tried to run once. Now they both say I don't have permission to access them.

Sorry, but no logs were generated and now I cannot run the programs again. I will continue to try this again until I hear back with any other suggestions.

Brad

Hey, I did manage to get RootRepeal to partially run by renaming it.

It still would shut down when I scanned C:
but the rest of the scan worked.
Here it is if it helps:

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2E34000 Size: 479232 File Visible: No Signed: -
Status: -

Name: root-repealrenamed.sys
Image Path: C:\WINDOWS\system32\drivers\root-repealrenamed.sys
Address: 0xA1542000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sUBs:1
Image Path: C:\WINDOWS\sUBs:1
Address: 0xA3277000 Size: 20480 File Visible: No Signed: -
Status: -

Name: sUBs:2
Image Path: C:\WINDOWS\sUBs:2
Address: 0xB5DC1000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xba705d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6e69a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xba6e6b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xba706568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xba706820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xba704a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xba706c8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xba706036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6e6656

==EOF==

Edited by bradrx, 20 September 2009 - 04:43 PM.
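
Added example, not part of the original thread and not RootRepeal's own code: a small Python parser for a report in the layout posted above, which lists drivers reported as not visible on disk or carrying a stream-style path (a second colon after the drive letter) and groups SSDT hooks by the module that owns them. The function names are hypothetical and the sample is a constructed, shortened excerpt in the same layout.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the same layout as the report posted above.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2E34000 Size: 479232 File Visible: No Signed: -
Status: -

Name: sUBs:1
Image Path: C:\WINDOWS\sUBs:1
Address: 0xA3277000 Size: 20480 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xba705d72

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6e6656

==EOF==
"""

# A section is a title line followed by a line of dashes.
SECTION_RE = re.compile(r"^(?P<title>\S[^\n]*)\n-{5,}[ \t]*$", re.M)
DRIVER_RE = re.compile(
    r"Name:[ \t]*(?P<name>[^\n]+?)[ \t]*\n"
    r"Image Path:[ \t]*(?P<path>[^\n]+?)[ \t]*\n"
    r"Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)\s+"
    r"File Visible:\s*(?P<visible>\S+)\s+Signed:\s*(?P<signed>\S+)"
)
HOOK_RE = re.compile(
    r"#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)[ \t]*\n"
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+)'
)


def split_sections(text):
    """Return {section title: section body} for every dashed-underline section."""
    text = text.replace("\r\n", "\n")
    marks = list(SECTION_RE.finditer(text))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        sections[m.group("title").strip()] = text[m.end():end]
    return sections


def parse_drivers(body):
    return [
        {"name": m["name"], "path": m["path"], "address": int(m["addr"], 16),
         "size": int(m["size"]), "visible": m["visible"].lower() == "yes"}
        for m in DRIVER_RE.finditer(body)
    ]


def parse_ssdt(body):
    return [
        {"index": int(m["index"]), "function": m["func"],
         "module": m["module"], "address": int(m["addr"], 16)}
        for m in HOOK_RE.finditer(body)
    ]


def has_stream_style_path(path):
    """True if the path has a colon beyond the drive-letter prefix."""
    if path.startswith("\\??\\"):          # strip the NT object prefix if present
        path = path[4:]
    rest = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in rest


def triage(report_text):
    """Summarise what a reviewer needs to follow up on; this assigns no verdicts."""
    sections = split_sections(report_text)
    flagged = []
    for drv in parse_drivers(sections.get("Drivers", "")):
        reasons = []
        if not drv["visible"]:
            reasons.append("not visible on disk")
        if has_stream_style_path(drv["path"]):
            reasons.append("stream-style path")
        if reasons:
            flagged.append((drv["name"], reasons))
    hooks_by_module = defaultdict(list)
    for hook in parse_ssdt(sections.get("SSDT", "")):
        hooks_by_module[hook["module"]].append(hook["function"])
    return {"flagged_drivers": flagged, "hooks_by_module": dict(hooks_by_module)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, reasons in result["flagged_drivers"]:
        print(f"driver {name}: {', '.join(reasons)}")
    for module, funcs in result["hooks_by_module"].items():
        print(f"{module} hooks {len(funcs)} SSDT entries: {', '.join(funcs)}")
```

Each hooking module and flagged driver still has to be attributed to an installed product or to something unknown; the script only collects what the report says.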


#4 boopme


Posted 20 September 2009 - 05:14 PM

What antivirus and operating system are you using, and are you using SpyBot?

SINO
Let's run System INvestigator by Olrik

Please download SINO by Artellos from here
  • Save SINO to a place you can remember and run SINO.exe.
  • Then please check the following checkboxes:

    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Ipconfig
    Ping
    Netstat
    Hosts file
    Shares
    Routing Table


  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A Notepad file will pop up. Please copy and paste the content of the Notepad file into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.

Edited by boopme, 20 September 2009 - 05:22 PM.


#5 bradrx


Posted 20 September 2009 - 06:16 PM

OK, I have the file from SINO.

Is there a way to e-mail it to you? It is too big to post here and it keeps telling me there is an error in the BB code.


Sorry, I'm pretty new to some of this.

#6 boopme


Posted 20 September 2009 - 07:03 PM

Well, you can try a PM. Also, if the Hosts file is too long, leave it out. You can also break it into several posts.

#7 bradrx


Posted 20 September 2009 - 07:13 PM

Sent it on e-mail. Hope it helps out.

brad

#8 boopme


Posted 20 September 2009 - 07:42 PM

It still needs to be copy/paste or it becomes unreadable and I cannot do anything with it to post it.

Also rerun RootRepeal. This time in step select only Files.

Edited by boopme, 20 September 2009 - 07:44 PM.


#9 bradrx


Posted 20 September 2009 - 07:47 PM

OK.

Copied and pasted in a new e-mail.

RootRepeal still shuts down when trying to scan only files.

Edited by bradrx, 20 September 2009 - 07:55 PM.


#10 boopme


Posted 20 September 2009 - 08:24 PM

OK, looks like we need to give this a go. I am thinking we have a serious rootkit here.

System Repair Engineer
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long

Edited by boopme, 20 September 2009 - 08:25 PM.


#11 bradrx


Posted 20 September 2009 - 08:44 PM

here ya go
CODE]

2009-09-20,20:40:38

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [(Verified)Microsoft Corporation]
<Orb><"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background> [File is missing]
<ISUSPM><"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler> [(Verified)Acresso Software Inc.]
<SUPERAntiSpyware><C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe> []
<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DwlClient><C:\Program Files\Common Files\Dell\EUSW\Support.exe> [Dell]
<UpdateManager><"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<PrinTray><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe> [Lexmark]
<POINTER><point32.exe> [N/A]
<lxamsp32.exe><lxamsp32.exe> [Lexmark International]
<IntelMeM><C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe> [Intel Corporation]
<IAAnotif><C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe> [Intel Corporation]
<dla><C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<mmtask><"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"> [Musicmatch Inc.]
<UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe"> [File is missing]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<mcagent_exe><"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey> [(Verified)"McAfee, Inc."]
<BlackBerryAutoUpdate><C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background> [(Verified)Research In Motion]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<RoxWatchTray><"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"> [(Verified)Sonic Solutions]
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<Orb><> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><nadubesu.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL> [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll> [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\WPGLDFSH.SCR> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"> [CyberLink Corp.]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<mmtask><; C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe> [Musicmatch Inc.]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<RealTray><; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [File is missing]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[IAA Event Monitor / IAANTMon][Running/Auto Start]
<C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[LexBce Server / LexBceS][Running/Auto Start]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[McAfee SiteAdvisor Service / McAfee SiteAdvisor Service][Running/Auto Start]
<"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"><>
[McAfee Services / mcmscsvc][Running/Auto Start]
<C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc][Running/Auto Start]
<"c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS][Stopped/Manual Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><N/A>
[McAfee Proxy Service / McProxy][Running/Auto Start]
<c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield][Running/Auto Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon][Running/Manual Start]
<C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[MHN / MHN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mhn.dll><Microsoft Corporation>
[McAfee Personal Firewall Service / MpfService][Running/Auto Start]
<"C:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[McAfee Anti-Spam Service / MSK80Service][Running/Auto Start]
<"C:\Program Files\McAfee\MSK\MskSrver.exe"><McAfee, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Roxio UPnP Renderer 9 / Roxio UPnP Renderer 9][Stopped/Manual Start]
<"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"><Sonic Solutions>
[Roxio Upnp Server 9 / Roxio Upnp Server 9][Stopped/Auto Start]
<"C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"><Sonic Solutions>
[LiveShare P2P Server 9 / RoxLiveShare9][Stopped/Auto Start]
<"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"><Sonic Solutions>
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
<"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"><Sonic Solutions>
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
<"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"><Sonic Solutions>
[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]
<C:\Program Files\Spyware Doctor\pctsAuxs.exe><PC Tools>
[PC Tools Security Service / sdCoreService][Stopped/Manual Start]
<C:\Program Files\Spyware Doctor\pctsSvc.exe><PC Tools>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[APLMp50 NDIS Protocol Driver / APLMp50][Stopped/Manual Start]
<System32\Drivers\APLMp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ATI TV Wonder Pro A/V Capture / ATICXCAP][Stopped/Manual Start]
<system32\drivers\aticxcap.sys><ATI Technologies, Inc.>
[ATI TV Wonder Pro Tuner (Philips 1236 MK3) / ATICXTUN][Stopped/Manual Start]
<system32\drivers\aticxtun.sys><ATI Technologies, Inc.>
[ATI TV Wonder Pro A/V Crossbar / ATICXXBR][Stopped/Manual Start]
<system32\drivers\aticxxbr.sys><ATI Technologies, Inc.>
[ATITool Overclocking Utility / ATITool][Stopped/System Start]
<system32\DRIVERS\ATITool.sys><>
[Broadcom NetXtreme 57xx Gigabit Controller / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Arrowkey Device Access / CDRPDACC][Running/Auto Start]
<\??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS><Arrowkey>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[Intel® PRO Adapter Driver / E100B][Stopped/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Hauppauge WinTV PVR PCI II ([23|25|26]xxx) / hcwPP2][Running/Manual Start]
<system32\DRIVERS\hcwPP2.sys><Hauppauge Computer Works, Inc.>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
<system32\DRIVERS\IntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
<system32\DRIVERS\IntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
<system32\DRIVERS\IntelC53.sys><Intel Corporation>
[Lbd / Lbd][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\Lbd.sys><N/A>
[McAfee Inc. mfeavfk / mfeavfk][Running/Manual Start]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Running/Manual Start]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. mfehidk / mfehidk][Running/System Start]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. mferkdk / mferkdk][Stopped/Manual Start]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. mfesmfk / mfesmfk][Running/Manual Start]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[MHN driver / MHNDRV][Stopped/Manual Start]
<system32\DRIVERS\mhndrv.sys><Microsoft Corporation>
[mohfilt / mohfilt][Running/Manual Start]
<system32\DRIVERS\mohfilt.sys><Intel Corporation>
[MPFP / MPFP][Running/System Start]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMCI WDM Device Driver / omci][Running/System Start]
<system32\DRIVERS\omci.sys><Dell Computer Corporation>
[Low level access layer for CD devices / Pcouffin][Running/Manual Start]
<System32\Drivers\Pcouffin.sys><VSO Software>
[PCTools KDS / PCTCore][Running/Boot Start]
<\SystemRoot\system32\drivers\PCTCore.sys><PC Tools>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[BlackBerry Smartphone / RimUsb][Stopped/Manual Start]
<System32\Drivers\RimUsb.sys><Research In Motion Limited>
[RIM Virtual Serial Port v2 / RimVSerPort][Running/Manual Start]
<system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[rootrepeal / rootrepeal][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\rootrepeal.sys><N/A>
[SASDIFSV / SASDIFSV][Running/System Start]
<\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Stopped/Manual Start]
<\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
<\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
<system32\drivers\senfilt.sys><Sensaura>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Tunebite High-Speed Dubbing / tbhsd][Running/Manual Start]
<system32\drivers\tbhsd.sys><RapidSolution Software AG>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><Sonic Solutions>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><N/A>

==================================
Browser Add-ons
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, (Signed) Microsoft Corporation>
[]
{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} <, >
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, (Signed) Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[McAfee SiteAdvisor Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[]
{2E28242B-A689-11D4-80F2-0040266CBB8D} <, >
[Java Plug-in 1.6.0_15]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Java Plug-in 1.6.0_15]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[MetaStreamCtl Class]
{03F998B2-0E00-11D3-A498-00104B6EB52E} <, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <, >
[McAfee SiteAdvisor Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[]
{11260943-421B-11D0-8EAC-0000C07D88CF} <, >
[]
{166B1BCA-3F9C-11CF-8075-444553540000} <, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{233C1507-6A77-46A4-9443-F871F945D258} <, >
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[McAfee Phishing Filter]
{27B4851A-3207-45A2-B947-BE8AFE6163AB} <c:\PROGRA~1\mcafee\msk\mskapbho.dll, (Signed) >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{2E28242B-A689-11D4-80F2-0040266CBB8D} <, >
[]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, (Signed) Microsoft Corporation>
[]
{36C417C6-13C6-448B-9784-DD73A93B0582} <, >
[XML Schema Cache]
{373984C9-B845-449B-91E7-45AC83036ADE} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} <, >
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
{39FD89BF-D3F1-45B6-BB56-3582CCF489E1} <, >
[]
{3AA42713-5C1E-48E2-B432-D8BF420DD31D} <, >
[]
{3BA4271E-5C1E-48E2-B432-D8BF420DD31D} <, >
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} <, >
[]
{43CF38F3-5AEC-45A3-AD31-04EB06E9C6CA} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{4C29D864-C55A-46DD-865C-17A1B7CC1A1A} <, >
[]
{4DC7EF9E-48DC-4E29-B3E7-ACF54BB91B45} <, >
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <, >
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Glassbook Detecter Class]
{4F878398-E58A-11D3-BEE9-00C04FA0D6BA} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\GbDetect.dll, (Signed) Adobe Systems Incorporated>
[Microsoft Licensed Class Manager 1.0]
{5220CB21-C88D-11CF-B347-00AA00A28331} <C:\WINDOWS\system32\licmgr10.dll, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[]
{5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B} <, >
[InstallShield Update Service Agent]
{5B7524C8-2446-40E9-9474-94A779DBA224} <C:\WINDOWS\Downloaded Program Files\isusweb.dll, (Signed) Macrovision Corporation>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Windows Script Host Shell Object]
{72C24DD5-D70A-438B-8A42-98424B88AFB8} <C:\WINDOWS\system32\wshom.ocx, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[COM+ Transaction Context Component]
{7999FC25-D3C6-11CF-ACAB-00A024A55AEF} <C:\WINDOWS\system32\comsvcs.dll, (Signed) Microsoft Corporation>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll, (Signed) McAfee, Inc.>
[]
{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 4.0]
{88D969C2-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML Data Source Object 4.0]
{88D969C4-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 6.0]
{88D96A07-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} <, >
[McSubMgr Class]
{9BE8D7B2-329C-442A-A4AC-ABA9D7572602} <c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll, (Signed) McAfee, Inc.>
[McAfee SiteAdvisor BHO]
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{BA52B914-B692-46C4-B683-905236F6F655} <, >
[]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} <, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[EPUImageControl Class]
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>
[]
{CA145D71-4BCB-461D-BCBE-C01C42867380} <, >
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Deployment Toolkit]
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} <C:\WINDOWS\system32\deploytk.dll, (Signed) Sun Microsystems, Inc.>
[Behavior Object]
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
{D2D8D3C0-C750-4703-A6AD-75D6B578FFE6} <, >
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed) Microsoft Corporation>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[InstallShield Update Service Agent]
{E9880553-B8A7-4960-A668-95C68BED571E} <C:\WINDOWS\Downloaded Program Files\isusweb.dll, (Signed) Macrovision Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Scripting.Dictionary]
{EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, (Signed) Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 3.0]
{F5078F34-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML Data Source Object 3.0]
{F5078F39-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML Data Source Object]
{F6D90F14-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Download ALL with IDA]
<F1910-F110-11D2-BB9E-00C04F795683}, N/A>
[Download with IDA]
<, >
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 708 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 756 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\SUPERAntiSpyware\SASWINLO.dll] [SUPERAntiSpyware.com, 1, 0, 0, 1054]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\tscocawf.dll] [user, 1, 0, 0, 9]
[PID: 1032 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1116 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[PID: 1212 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 1336 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 1412 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 7.2]
[C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 7.2]
[C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 7.2]
[PID: 1600 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 7.2]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 7.2]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 7.2]
[C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 7.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxampp.dll] [Lexmark International, 1, 0, 0, 1]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[PID: 232 / Brad][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 2, 0]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 2, 008]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[PID: 236 / Brad][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe] [Lexmark, 1, 0, 0, 7]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PrinTray.dll] [Lexmark, 1, 0, 0, 7]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXAMICO.DLL] [N/A, ]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[PID: 248 / Brad][C:\Program Files\Microsoft Hardware\Mouse\point32.exe] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\CMTOOL32.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\MSHLOCAL.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\MSLNG32.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\POINT32.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll] [N/A, ]
[PID: 256 / Brad][C:\WINDOWS\system32\lxamsp32.exe] [Lexmark International, 0, 98, 1, 0]
[C:\WINDOWS\system32\lxamsp32.dll] [Lexmark International, 0, 98, 4, 0]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[PID: 520 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 552 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple Inc., 2.50.39.0]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 568 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Inc., 1,0,6,2]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 604 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\quartz.dll] [, ]
[C:\WINDOWS\system32\devenum.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\hcwECP.ax] [Hauppauge Computer Works, Inc., 1.3.22208]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[C:\WINDOWS\system32\VBICodec.ax] [, ]
[C:\WINDOWS\system32\encdec.dll] [, ]
[C:\WINDOWS\system32\hcwXDS.dll] [, 1, 4, 0, 20266]
[C:\WINDOWS\system32\hcwCCnv2.ax] [Hauppauge Computer Works, Inc., 2.0.16.22216]
[C:\Program Files\Replay AV 8\ffdshow.ax] [, 1.0.2.2041]
[C:\Program Files\Replay AV 8\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RxDSMp3Encoder.ax] [Sonic Solutions, 9.4.1.48]
[C:\Program Files\Common Files\Roxio Shared\SharedCom\RxACMP3Lame3.dll] [Sonic Solutions, 9.4.1.48]
[C:\Program Files\321Studios\Platinum\mlcom.ax] [Moonlight Cordless Ltd., 1.00]
[C:\Program Files\Common Files\IviSDK\Hauppauge\IviAudio_Hauppauge.ax] [InterVideo Inc., 4.5.28.92]
[C:\WINDOWS\system32\L3CODECX.AX] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
[C:\Program Files\Orb Networks\Orb\bin\DScaler5\MpegAudio.dll] [DScaler Team, 0, 0, 6, 0]
[PID: 672 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [(Verified) Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1239)]
[PID: 840 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1324 / SYSTEM][C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe] [Intel Corporation, 4.0.0.6211]
[PID: 1392 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.150.3]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 1572 / SYSTEM][C:\Program Files\McAfee\SiteAdvisor\McSACore.exe] [, ]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\apengine.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll] [, ]
[C:\Program Files\McAfee\SiteAdvisor\SACore.dll] [, ]
[C:\Program Files\McAfee\SiteAdvisor\SASet.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL] [, ]
[c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\mcafee\SITEAD~1\McFrmWk.dll] [, ]
[c:\PROGRA~1\mcafee\SITEAD~1\CntScan.dll] [, ]
[PID: 1884 / Brad][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\WINDOWS\tscocawf.dll] [user, 1, 0, 0, 9]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll] [McAfee, Inc., 13,3,127,0]
[C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL] [SUPERAntiSpyware.com, 1, 0, 0, 1004]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\SUPERAntiSpyware\SASSEH.DLL] [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 2012 / SYSTEM][C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\105-59\Mccobres.dll] [McAfee, Inc., 8,0,205,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 13,3,127,0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\1033\vscobres.dll] [McAfee, Inc., 13,3,126,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 10.3.106.0]
[C:\Program Files\McAfee\MPF\1033\L10N.DLL] [McAfee, Inc., 10.3.102.0]
[c:\PROGRA~1\mcafee\mps\mpsmspap.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msc\mcmscver.dll] [McAfee, Inc., 9,3,162,0]
[C:\PROGRA~1\McAfee\MPS\1033\MpsRes.DLL] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msk\mskmisp.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\COMMON~1\mcafee\mcproxy\proxyver.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll] [McAfee, Inc., 10.3.104.0]
[c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll] [McAfee, Inc., 10.3.102.0]
[c:\PROGRA~1\mcafee\mps\mpsver.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 9,3,102,0]
[c:\PROGRA~1\mcafee\mqc\QcLite.dll] [McAfee, Inc., 9,3,102,0]
[PID: 2036 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[c:\PROGRA~1\mcafee\msc\mcndsv.dll] [McAfee, Inc., 3,3,104,0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\105-59\Mccobres.dll] [McAfee, Inc., 8,0,205,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll] [McAfee, Inc., 3,3,104,0]
[PID: 2204 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe] [McAfee, Inc., 3,3,104,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\escnplug.dll] [McAfee, Inc., 13,3,130,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\1033\EsPlgRes.dll] [McAfee, Inc., 13,3,113,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\mcafee\mps\mps.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msk\mskpxplg.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\mps\mpscfg.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\mps\mpsevh.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\mcafee\mps\mpsmisp.dll] [McAfee, Inc., 11.3.103.0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[C:\Program Files\McAfee\VirusScan\mvslog.dll] [McAfee, Inc., 13,3,127,0]
[PID: 2292 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3_worker.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus3_server.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., VSCORE.14.0.0.423]
[C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 13,3,127,0]
[C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mcscan32.dll] [McAfee, Inc., 5.3.00]
[C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mc5300up.001] [McAfee, Inc., 5.3.00]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[PID: 2348 / SYSTEM][C:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 10.3.111.0]
[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll] [McAfee, Inc., 10.3.104.0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 10.3.106.0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]
[c:\PROGRA~1\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\105-59\Mccobres.dll] [McAfee, Inc., 8,0,205,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[PID: 2436 / SYSTEM][C:\Program Files\McAfee\MSK\MskSrver.exe] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskengn.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskupd.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskwm.dll] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskxaif.dll] [McAfee, Inc., 10.3.109.0]
[C:\Program Files\McAfee\MSK\MSKSet.dll] [McAfee, Inc., 10.3.109.0]
[C:\Program Files\McAfee\MSK\masecore.dll] [McAfee, Inc., 2.1.0.7825]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[PID: 2484 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.8120]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.8120]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[PID: 528 / Brad][c:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\MSC\oem\105-59\Mccobres.dll] [McAfee, Inc., 8,0,205,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 9,3,106,0]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\MispLF.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll] [McAfee, Inc., 9,3,114,0]
[c:\PROGRA~1\mcafee\msc\mcuicfg.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 3,3,103,0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 9,3,137,0]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[c:\PROGRA~1\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 9,3,137,0]
[c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 9,3,137,0]
[PID: 3584 / SYSTEM][c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe] [Microsoft Corporation, 2005.090.3042.00]
[PID: 3608 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 3660 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3752 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 3940 / LOCAL SERVICE][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1239)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 3996 / NETWORK SERVICE][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 3128 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 3320 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 13,3,130,0]
[c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 9,3,137,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 13,3,127,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll] [McAfee, Inc., 10.3.104.0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 13,3,130,0]
[PID: 1956 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 3384 / Brad][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[PID: 304 / Brad][C:\downloads\str\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 3428 / Brad][C:\downloads\str\sreng2\SRE3757f084.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
[C:\Program Files\Microsoft Hardware\Mouse\MSH_ZWF.dll] [Microsoft Corporation, 4.10.0851.0]
[C:\downloads\str\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll] [McAfee, Inc., VSCORE.14.0.0.423.x86]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1556, C:\WINDOWS\SYSTEM32\LEXBCES.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1600, C:\WINDOWS\SYSTEM32\LEXPPS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 232, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 236, C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\PRINTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 248, C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 256, C:\WINDOWS\SYSTEM32\LXAMSP32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1324, C:\PROGRAM FILES\INTEL\INTEL APPLICATION ACCELERATOR\IAANTMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3752, C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 304, C:\DOWNLOADS\STR\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] Orb Index when idle.job
C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe
[Enabled] McQcTask.job
c:\PROGRA~1\mcafee\mqc\QcConsol.exe
[Enabled] McDefragTask.job
c:\PROGRA~1\mcafee\mqc\QcConsol.exe
[Enabled] AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[Enabled] Ad-Aware Update (Weekly).job
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
[Enabled] User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job
C:\WINDOWS\system32\msfeedssync.exe

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]

#12 bradrx


Posted 22 September 2009 - 10:00 PM

Anything at all here? I'm still stuck.

#13 boopme


Posted 23 September 2009 - 09:37 AM

Hello, it took me a while but I found it in that log..
You do have a Rootkit that needs attention.

Now ... Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..

If you cannot do that, post the SRE log also. In fact, post it anyway.
Next, please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title, and post the Rootrepeal log and the above log.

Let me know how that went.
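A triage sketch for the process/module list in the log posted above, added here as an example (it is not part of any post in this thread and is not an SREng or BleepingComputer tool). It groups modules under their host process and flags any module loaded from a path that is not on a drive letter, or that carries no vendor/version resource; the function name `triage` and both heuristics are assumptions, and the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the SREng process/module list posted in this thread.
SAMPLE = r"""
[PID: 2436 / SYSTEM][C:\Program Files\McAfee\MSK\MskSrver.exe] [McAfee, Inc., 10.3.109.0]
[c:\PROGRA~1\mcafee\msk\mskengn.dll] [McAfee, Inc., 10.3.109.0]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,6,2]
[PID: 3608 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[\\?\globalroot\Device\__max++>\19726338.x86.dll] [N/A, ]
[PID: 3384 / Brad][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\McAfee\SiteAdvisor\saHook.dll] [, ]
"""

# A process line is "[PID: n / user][image] [vendor, version]";
# the module lines that follow it are "[path] [vendor, version]".
PROC = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\] \[(.*)\]$")
MOD = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Return {module_path: {"reason": str, "hosts": [(pid, image), ...]}}."""
    findings = defaultdict(lambda: {"reason": "", "hosts": []})
    current = None  # (pid, image) of the process whose modules we are reading
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROC.match(line)
        if m:
            current = (int(m.group(1)), m.group(3))
            continue
        m = MOD.match(line)
        if not m or current is None:
            continue
        path, info = m.groups()
        vendor = info.split(",")[0].strip()
        if not DRIVE_PATH.match(path):
            reason = "loaded from a non-drive (device namespace) path"
        elif vendor in ("", "N/A"):
            reason = "no vendor/version resource"
        else:
            continue
        findings[path]["reason"] = reason
        findings[path]["hosts"].append(current)
    return dict(findings)

if __name__ == "__main__":
    for path, hit in triage(SAMPLE).items():
        print(f"{path}: {hit['reason']}; hosts={hit['hosts']}")
```

A missing vendor field on its own is weak evidence (the SiteAdvisor DLL in the sample lacks one); the same nameless module appearing from a device path in several unrelated processes is the stronger signal.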

#14 bradrx


Posted 23 September 2009 - 05:46 PM

ok..

Got the utility to run. Posted the log to the new topic. Rootrepeal still will not run.

#15 Orange Blossom


Posted 23 September 2009 - 10:40 PM

Hello,

Now comes the hard and frustrating part: waiting.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259794/win32kdiagexe-log/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: