Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed Windows Police Pro with Malwarebytes


  • Please log in to reply
5 replies to this topic

#1 pculter

pculter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 25 September 2009 - 07:02 PM

Ever since I used Malwarebytes to remove the Windows Police Pro malware, everytime I try and open any program, I get the following error in a Windows pop up box:

The application or DLL globalroot\systemroot\system32\gasfkyccofnjsu.dll is not a valid Windows image. Please check this against your installation diskette.

After I click OK on the window, the program opens up perfectly fine.

Please help!

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:17 AM

Posted 26 September 2009 - 09:38 AM

You're still infected. The newer variant of the rootkit can hide pretty good

Try these 2 scans to produce some logs

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

    --------------------------------------
Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 pculter

pculter
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 26 September 2009 - 12:22 PM

Running from: C:\Documents and Settings\Ann\Local Settings\Temporary Internet Files\Content.IE5\TK9C8QAF\Win32kDiag[1].exe

Log file at : C:\Documents and Settings\Ann\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

--------------

Volume in drive C has no label.
Volume Serial Number is 38E2-7DB5

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 07:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 07:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 07:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 3,251,236,864 bytes free

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:17 AM

Posted 26 September 2009 - 06:22 PM

Please download SREng2 (System Repair Engineer) and save to your desktop.
  • Create a new folder on your hard drive called Sreng2 (C:\Sreng2) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on SREngLdr.EXE to launch it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan from the left pane.
  • Leave all options checked to include Verify the digital signature of process modules (default).
  • Click the Scan button at the bottom right corner.
  • Please be patient as the scan will take a few minutes.
  • When the scan is complete, click on the Save Reports button to save the SREngLOG.log to the SREeng folder (C:\SREng) or your Desktop.
  • Click Close and exit SREng.
  • Copy and paste the contents of SREngLOG.log in your next reply.
Note: The log can be long and you may need several posts to post all of it. If you're using a custom HOSTS file, edit out the HOSTS File section, as it will make the log too long for posting.[/color]
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 pculter

pculter
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 26 September 2009 - 10:47 PM

2009-09-26,23:45:22



System Repair Engineer 2.8.1.1279

Smallfrogs (http://www.KZTechs.com)



Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed



Follow item(s) have been selected:

	All Boot Items (Including Registry, Startup Folders, Services and so on)

	Browser Add-ons

	Running Processes (Including process model information)

	File Associations

	Winsock Provider

	Autorun.Inf

	HOSTS File

	Process Privileges Scan

	Scheduled Tasks

	Windows Security Update Check

	API HOOK

	Hidden Process





Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]

	<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]

	<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

	<Shockwave Updater><C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; Zune 3.0)" -"http://www.cartoonnetwork.com/games/scooby/bayouscooby/index.html">  [N/A]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<load><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<cctray><"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe">  [(Verified)CA]

	<CAVRID><"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe">  [(Verified)CA]

	<capfupgrade><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe>  [(Verified)CA]

	<capfasem><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe>  [(Verified)CA]

	<cafwc><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl>  [(Verified)CA]

	<Broadcom Wireless Manager UI><C:\WINDOWS\system32\WLTRAY.exe>  [Dell Inc.]

	<igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<SigmatelSysTrayApp><stsystra.exe>  [SigmaTel, Inc.]

	<dvd43><C:\Program Files\dvd43\dvd43_tray.exe>  []

	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]

	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]

	<Zune Launcher><"c:\Program Files\Zune\ZuneLauncher.exe">  [(Verified)Microsoft Corporation]

	<Malwarebytes Anti-Malware (reboot)><"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript>  [(Verified)Malwarebytes Corporation]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<AppInit_DLLs><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]

	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]

	<WinlogonNotify: PFW><UmxWnp.Dll>  [(Verified)CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]

	<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]

	<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]

	<SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Aim6><; >  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<DLA><; C:\WINDOWS\System32\DLA\DLACTRLW.EXE>  [Sonic Solutions]

	<DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]

	<Easy Dock><; >  [N/A]

	<ehTray><; C:\WINDOWS\ehome\ehtray.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<hcsystray><; >  [N/A]

	<ISUSPM Startup><; c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]

	<ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]

	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]

	<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [File is missing]

	<medicsp2><; C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2>  [(Verified)"SupportSoft, Inc."]

	<NoteBurner><; >  [N/A]

	<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]

	<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<swg><; >  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Zune Launcher><; "c:\Program Files\Zune\ZuneLauncher.exe">  [(Verified)Microsoft Corporation]



==================================

Startup Folders

N/A



==================================

Services

[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]

  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>

[Bonjour Service / Bonjour Service][Running/Auto Start]

  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>

[CaCCProvSP / CaCCProvSP][Running/Manual Start]

  <"C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"><CA, Inc.>

[CAISafe / CAISafe][Running/Auto Start]

  <C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe><Computer Associates International, Inc.>

[CopySafe Helper Service / CSHelper][Running/Auto Start]

  <C:\WINDOWS\system32\CSHelper.exe><N/A>

[Human Interface Device Access / HidServ][Stopped/Disabled]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[iPod Service / iPod Service][Running/Manual Start]

  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>

[CA Pest Patrol Realtime Protection Service / ITMRTSVC][Running/Auto Start]

  <"C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe"><CA, Inc.>

[MHN / MHN][Stopped/Manual Start]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mhn.dll><Microsoft Corporation>

[PPCtlPriv / PPCtlPriv][Running/Manual Start]

  <"C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe"><CA, Inc.>

[SupportSoft Sprocket Service (medicsp2) / sprtsvc_medicsp2][Running/Auto Start]

  <C:\Program Files\twc\medicsp2\bin\sprtsvc.exe /service /p medicsp2><SupportSoft, Inc.>

[HIPS Event Manager / UmxAgent][Running/Auto Start]

  <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"><CA>

[HIPS Configuration Interpreter / UmxCfg][Running/Auto Start]

  <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"><CA>

[HIPS Firewall Helper / UmxFwHlp][Running/Auto Start]

  <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe"><CA>

[HIPS Policy Manager / UmxPol][Running/Auto Start]

  <"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"><CA>

[VET Message Service / VETMSGNT][Running/Auto Start]

  <C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe><CA, Inc.>

[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]

  <C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]

  <"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"><Lavasoft>



==================================

Drivers

[Dell Wireless WLAN Card Driver / BCM43XX][Running/Manual Start]

  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>

[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]

  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>

[CDAVFS / CDAVFS][Stopped/Manual Start]

  <system32\DRIVERS\CDAVFS.sys><N/A>

[DLABOIOM / DLABOIOM][Running/Auto Start]

  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>

[DLACDBHM / DLACDBHM][Running/System Start]

  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>

[DLADResN / DLADResN][Running/Auto Start]

  <System32\DLA\DLADResN.SYS><Sonic Solutions>

[DLAIFS_M / DLAIFS_M][Running/Auto Start]

  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>

[DLAOPIOM / DLAOPIOM][Running/Auto Start]

  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>

[DLAPoolM / DLAPoolM][Running/Auto Start]

  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>

[DLARTL_N / DLARTL_N][Running/System Start]

  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>

[DLAUDFAM / DLAUDFAM][Running/Auto Start]

  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>

[DLAUDF_M / DLAUDF_M][Running/Auto Start]

  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>

[DRVMCDB / DRVMCDB][Running/Boot Start]

  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>

[DRVNDDM / DRVNDDM][Running/Auto Start]

  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>

[dvd43llh / dvd43llh][Running/Manual Start]

  <System32\DRIVERS\dvd43llh.sys><RIF>

[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]

  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>

[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]

  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>

[HSF_DPV / HSF_DPV][Running/Manual Start]

  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>

[HSXHWAZL / HSXHWAZL][Running/Manual Start]

  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>

[ialm / ialm][Running/Manual Start]

  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>

[KmxAgent / KmxAgent][Running/System Start]

  <System32\DRIVERS\kmxagent.sys><CA>

[KmxCF / KmxCF][Running/Auto Start]

  <System32\DRIVERS\KmxCF.sys><CA>

[KmxCfg / KmxCfg][Running/Manual Start]

  <System32\DRIVERS\kmxcfg.sys><CA>

[KmxFile / KmxFile][Running/System Start]

  <System32\DRIVERS\KmxFile.sys><CA>

[KmxFw / KmxFw][Running/System Start]

  <System32\DRIVERS\kmxfw.sys><CA>

[KmxSbx / KmxSbx][Running/Auto Start]

  <System32\DRIVERS\KmxSbx.sys><CA>

[KmxStart / KmxStart][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\kmxstart.sys><CA>

[mdmxsdk / mdmxsdk][Running/Auto Start]

  <system32\DRIVERS\mdmxsdk.sys><Conexant>

[MHN driver / MHNDRV][Stopped/Manual Start]

  <system32\DRIVERS\mhndrv.sys><Microsoft Corporation>

[ntcdrdrv / ntcdrdrv][Stopped/Boot Start]

  <\SystemRoot\system32\DRIVERS\ntcdrdrv.sys><N/A>

[ZTekWare Original CD Emulator Service / OCDE][Stopped/Boot Start]

  <\SystemRoot\System32\Drivers\OCDE.sys><N/A>

[OMCI / OMCI][Running/System Start]

  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>

[rimmptsk / rimmptsk][Running/Manual Start]

  <system32\DRIVERS\rimmptsk.sys><REDC>

[rimsptsk / rimsptsk][Running/Manual Start]

  <system32\DRIVERS\rimsptsk.sys><REDC>

[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]

  <system32\DRIVERS\rixdptsk.sys><REDC>

[Secdrv / Secdrv][Stopped/Manual Start]

  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]

  <system32\drivers\sthda.sys><SigmaTel, Inc.>

[Conexant Setup API / UIUSys][Stopped/Manual Start]

  <system32\DRIVERS\UIUSYS.SYS><N/A>

[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]

  <System32\Drivers\usbaapl.sys><Apple, Inc.>

[winachsf / winachsf][Running/Manual Start]

  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>



==================================

Browser Add-ons

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>

[]

  {243B17DE-77C7-46BF-B94B-0B5F309A0E64} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>

[DriveLetterAccess]

  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[]

  {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} <, >

[Java Plug-in]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[Create Mobile Favorite]

  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, (Signed) Microsoft Corporation>

[Create Mobile Favorite]

  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, (Signed) Microsoft Corporation>

[]

  {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>

[]

  {E023F504-0C5A-4750-A1E7-A9046DEA8A21} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>

[QuickTime Object]

  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>

[Facebook Photo Uploader 5 Control]

  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>

[]

  {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3D.dll, (Signed) Microsoft Corporation.>

[Shockwave ActiveX Control]

  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>

[Symantec AntiVirus scanner]

  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, (Signed) Symantec Corporation>

[Snapfish Activia]

  {406B5949-7190-4245-91A9-30A17DE16AD0} <C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>

[BDSCANONLINE Control]

  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>

[Oracle JInitiator 1.1.8.18]

  {5e2a3510-4371-11d6-b64c-00c04faedb18} <C:\Program Files\Oracle\JInitiator 1.1.8.19\bin\beans.ocx, Oracle Corporation>

[Windows Live Safety Center Base Module]

  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, (Signed) Microsoft Corporation>

[Symantec RuFSI Utility Class]

  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, (Signed) Symantec Corporation>

[Groove Control]

  {77E32299-629F-43C6-AB77-6A1E6D7663F6} <C:\WINDOWS\Downloaded Program Files\GrooveAX.dll, (Signed) The Groove Alliance>

[Facebook Photo Uploader 5 Control]

  {8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>

[Java Plug-in]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[]

  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >

[cpbrkpie Control]

  {9522B3FB-7A2B-4646-8AF6-36E7F593073C} <C:\WINDOWS\COUPON~1.OCX, (Signed) >

[InetDownload Class]

  {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} <C:\WINDOWS\Downloaded Program Files\WMDownload.dll, Approach Inc.>

[View22RTE Class]

  {BCBC9371-595D-11D4-A96D-00105A1CEF6C} <C:\WINDOWS\Downloaded Program Files\View22RTE.dll, View22>

[Java Plug-in]

  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[Java Plug-in 1.5.0_06]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>

[CTAdjust Class]

  {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >

[]

  {01111C00-3E00-11D2-8470-0060089874ED} <, >

[QuickTime Object]

  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>

[MetaStreamCtl Class]

  {03F998B2-0E00-11D3-A498-00104B6EB52E} <C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll, Viewpoint Corporation>

[ActiveMovieControl Object]

  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >

[Facebook Photo Uploader 5 Control]

  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>

[ArtistScope Control]

  {0CD74ED1-A8A0-43CF-91C6-FB5C10B93460} <C:\PROGRA~1\INTERN~1\plugins\ARTIST~1.OCX, (Signed) ArtistScope>

[]

  {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3D.dll, (Signed) Microsoft Corporation.>

[InformationCardSigninHelper Class]

  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>

[MetaStreamCtl Class]

  {1B00725B-C455-4DE6-BFB6-AD540AD427CD} <C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll, Viewpoint Corporation>

[Windows Media Player]

  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>

[Shockwave ActiveX Control]

  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>

[]

  {243B17DE-77C7-46BF-B94B-0B5F309A0E64} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>

[HTML Document]

  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>

[XML DOM Document]

  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XSL Template]

  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Symantec AntiVirus scanner]

  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, (Signed) Symantec Corporation>

[DHTML Edit Control Safe for Scripting for IE5]

  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>

[]

  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >

[]

  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >

[HtmlDlgSafeHelper Class]

  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>

[SentinelProxy Class]

  {3BB1D69B-A780-4BE1-876E-F3D488877135} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3DProxy.dll, (Signed) Microsoft Corporation>

[QuickTime Object]

  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>

[Snapfish Activia]

  {406B5949-7190-4245-91A9-30A17DE16AD0} <C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>

[XML Document]

  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[EPUImageControl Class]

  {4C39376E-FA9D-4349-BACC-D305C1750EF3} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>

[Microsoft Terminal Services Client Control (redist)]

  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Glassbook Detecter Class]

  {4F878398-E58A-11D3-BEE9-00C04FA0D6BA} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\GbDetect.dll, Adobe Systems Incorporated>

[]

  {549F957E-2F89-11D6-8CFE-00C04F52B225} <, >

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[isInstalled Class]

  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.5.0_06\bin\JavaWebStart.dll, Sun Microsystems, Inc.>

[DriveLetterAccess]

  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>

[BDSCANONLINE Control]

  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>

[Oracle JInitiator 1.1.8.18]

  {5E2A3510-4371-11D6-B64C-00C04FAEDB18} <C:\Program Files\Oracle\JInitiator 1.1.8.19\bin\beans.ocx, Oracle Corporation>

[Windows Live Safety Center Base Module]

  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, (Signed) Microsoft Corporation>

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>

[Symantec RuFSI Utility Class]

  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, (Signed) Symantec Corporation>

[Microsoft Shell UI Helper]

  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[DivXBrowserPlugin Object]

  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>

[Microsoft.MapPoint.MapControl3D.MapControl]

  {68BFC611-B963-4E8C-B0FE-0DD4FB832796} <mscoree.dll, Microsoft Corporation>

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[Facebook Photo Uploader 5 Control]

  {8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>

[]

  {85D1F590-48F4-11D9-9669-0800200C9A66} <, >

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[XML DOM Document 4.0]

  {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>

[Free Threaded XML DOM Document 4.0]

  {88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>

[XSL Template 4.0]

  {88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>

[XML HTTP 4.0]

  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>

[XML DOM Document 6.0]

  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[Free Threaded XML DOM Document 6.0]

  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[XSL Template 6.0]

  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[XML HTTP 6.0]

  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[]

  {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} <, >

[Java Plug-in]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>

[Windows Live Safety Center Control Module]

  {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, (Signed) Microsoft Corporation>

[Microsoft Terminal Services Client Control (redist)]

  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[]

  {94148DB5-B42D-4915-95DA-2CBB4F7095BF} <, >

[cpbrkpie Control]

  {9522B3FB-7A2B-4646-8AF6-36E7F593073C} <C:\WINDOWS\COUPON~1.OCX, (Signed) >

[CDIGStreamClientInfo Object]

  {AAF15A90-F3EC-4FEE-9A00-F65B25B83D05} <C:\Program Files\DIGStream\locator.dll, Walt Disney Internet Group>

[SearchAssistantOC]

  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>

[RDS.DataSpace]

  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>

[]

  {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} <, >

[EPUImageControl Class]

  {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>

[Adobe Acrobat Control for ActiveX]

  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, (Signed) Adobe Systems Incorporated>

[AUDIO__MID Moniker Class]

  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[AUDIO__MP3 Moniker Class]

  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[AUDIO__WAV Moniker Class]

  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[VIDEO__X_MS_ASF Moniker Class]

  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[VIDEO__X_MS_WMV Moniker Class]

  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[Microsoft Url Search Hook]

  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[Msxml]

  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>

[iTunesDetector Class]

  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>

[CTAdjust Class]

  {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >

[QuickTimeCheck Class]

  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>

[Microsoft Silverlight]

  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>

[]

  {E023F504-0C5A-4750-A1E7-A9046DEA8A21} <, >

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >

[]

  {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>

[]

  {e473a65c-8087-49a3-affd-c5bc4a10669b} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>

[WebViewFolderIcon Class]

  {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, (Signed) Microsoft Corporation>

[XML HTTP Request]

  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Scripting.Dictionary]

  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, (Signed) Microsoft Corporation>

[XML DOM Document 3.0]

  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Free Threaded XML DOM Document 3.0]

  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XML HTTP 3.0]

  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XSL Template 3.0]

  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XML DOM Document]

  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Free Threaded XML DOM Document]

  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XML HTTP]

  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

[]

  {fc345d4c-b8f4-4674-bff7-3c37d2e535ee} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>

[]

  {fd6484ed-ebe3-4c3d-938a-8238003b41b7} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>

[]

  {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} <, >



==================================

Running Processes

[PID: 876 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 940 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 964 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\WINDOWS\system32\UmxWnp.Dll]  [CA, 6, 0, 0, 5]

	[C:\WINDOWS\System32\BCMLogon.dll]  [Broadcom Corporation, 4.10.47.3]

	[C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1008 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1020 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 1216 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1320 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1360 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1408 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1504 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

[PID: 1796 / SYSTEM][C:\WINDOWS\System32\WLTRYSVC.EXE]  [N/A, ]

[PID: 1808 / SYSTEM][C:\WINDOWS\System32\bcmwltry.exe]  [Dell Inc., 4.10.47.3]

	[C:\WINDOWS\System32\bcm1xsup.dll]  [N/A, ]

	[C:\WINDOWS\System32\bcmwlpkt.dll]  [CACE Technologies, 3, 1, 0, 27]

	[C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\System32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\System32\wltrynt.dll]  [Broadcom Corporation, 4.10.47.3]

[PID: 1856 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

	[C:\WINDOWS\system32\custmon32.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

[PID: 1868 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe]  [CA, 1.0.2.183]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxXmlSd.dll]  [CA, 1.2.0.202]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPthEx.dll]  [CA, 1.0.0.32]

[PID: 1908 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe]  [CA, 6.5.5.6]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 1964 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe]  [CA, 6.0.0.47]

[PID: 1996 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe]  [CA, 6, 0, 1, 202]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwCli.dll]  [CA, 6.5.4.7]

[PID: 1224 / Ann][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\avshlext.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]

[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 1400 / Ann][C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxEventCli.dll]  [CA, 1, 0, 0, 40]

[PID: 1568 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.12.33.0]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 1588 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 1616 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafServ.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\iSafProd.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\Arclib.dll]  [CA, Inc., 8.1.4.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafeEngine.dll]  [CA, Inc., Version 31.6.0.0]

[PID: 1672 / SYSTEM][C:\WINDOWS\system32\CSHelper.exe]  [N/A, ]

	[C:\WINDOWS\system32\CSInstru.dll]  [Art Dept (nsw) Pty Ltd, 3, 1, 2, 5]

[PID: 1960 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe]  [Microsoft Corporation, 5.1.2715.2773 (xpsp(wmbla).051011-0745)]

	[C:\WINDOWS\system32\sbe.dll]  [, ]

	[C:\WINDOWS\system32\quartz.dll]  [, ]

	[C:\WINDOWS\system32\devenum.dll]  [, ]

	[C:\WINDOWS\system32\msdmo.dll]  [, ]

[PID: 188 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe]  [(Verified) Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1239)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 332 / SYSTEM][C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\Common Files\Scanner\ppctl.dll]  [CA, 5.6.9.5]

[PID: 640 / SYSTEM][C:\Program Files\twc\medicsp2\bin\sprtsvc.exe]  [SupportSoft, Inc., 6,9,2018,0]

	[C:\Program Files\twc\medicsp2\bin\sprtsched.dll]  [SupportSoft, Inc., 6,9,2018,0]

	[C:\Program Files\twc\medicsp2\bin\sprtsync.dll]  [SupportSoft, Inc., 6,9,2018,0]

	[C:\Program Files\twc\medicsp2\bin\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 728 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 796 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 676 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\DriverIf.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetNtMsg.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 1604 / SYSTEM][c:\WINDOWS\system32\ZuneBusEnum.exe]  [Microsoft Corporation, 3.1.620.0 (ZUNE_DORADO_V3.01_RTM(pegblder).081110-1150)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 2128 / LOCAL SERVICE][C:\WINDOWS\ehome\mcrdsvc.exe]  [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1239)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 2588 / Ann][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

[PID: 2628 / Ann][C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]

	[C:\Program Files\CA\CA Internet Security Suite\ccissImg.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccissPrd.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccissRes.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\cctray\cafwsystrayapi.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayaspyplugin.dll]  [CA, Inc., 9, 0, 0, 9]

	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll]  [CA, Inc., Version 3.2.1.20]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\ePFBPLMA.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyConst.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyResource.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyImages.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\CA Internet Security Suite\caaspyinterface.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAISSLicMod.dll]  [CA, 1, 0, 0, 4]

	[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL]  [CA, Inc., Version 3.2.1.19]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\driverif.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavProduct.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavResource.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavImages.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\CA\CA Internet Security Suite\calic.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\License.dll]  [N/A, ]

	[C:\Program Files\CA\CA Internet Security Suite\caissresource.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\caISSImages.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\caISSProduct.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\Program Files\CA\CA Internet Security Suite\CCUpdIf.dll]  [CA, Inc., Version 3.2.1.19]

[PID: 2744 / Ann][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavProduct.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavResource.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavImages.dll]  [CA, Inc., Version 8.4.0.28]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]

[PID: 2932 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 3040 / Ann][C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\ePFBPLASE.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]

	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll]  [CA, Inc., Version 9.1.0.38]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxEventCli.dll]  [CA, 1, 0, 0, 40]

	[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPthEx.dll]  [CA, 1.0.0.32]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 3308 / SYSTEM][C:\WINDOWS\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 3320 / Ann][C:\WINDOWS\system32\WLTRAY.exe]  [Dell Inc., 4.10.47.3]

	[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]

[PID: 3448 / Ann][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]

[PID: 3552 / Ann][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4446]

[PID: 3616 / Ann][C:\WINDOWS\stsystra.exe]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]

	[C:\WINDOWS\system32\STLang.dll]  [SigmaTel, Inc., 1.1.4991.0  nd229 cp1]

	[C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]

[PID: 3676 / Ann][C:\Program Files\dvd43\dvd43_tray.exe]  [, 3.9.0.0]

[PID: 3868 / Ann][C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe]  [CA, Inc., 9, 1, 0, 2]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ITMRTAPI.dll]  [CA, Inc., 1.1.0.32]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll]  [CA, Inc., Version 3.2.1.21]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyConst.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyResource.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyImages.dll]  [CA, Inc., 9.1.0.22]

	[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll]  [Computer Associates International, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAISSLicMod.dll]  [CA, 1, 0, 0, 4]

	[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\calic.dll]  [CA, Inc., Version 3.2.1.19]

	[C:\Program Files\CA\CA Internet Security Suite\License.dll]  [N/A, ]

	[C:\Program Files\Common Files\Scanner\ppctl.dll]  [CA, 5.6.9.5]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 3876 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe]  [CA, Inc., 9.1.0.9]

	[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ITMRTAPI.dll]  [CA, Inc., 1.1.0.32]

[PID: 3928 / Ann][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 8.0.2.20]

	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 8.0.2.20]

	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 8.0.2.20]

	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 185.11.0.10]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 532 / Ann][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4446]

[PID: 636 / SYSTEM][C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe]  [CA, Inc., Version 3.2.1.19]

[PID: 1884 / Ann][C:\Program Files\Zune\ZuneLauncher.exe]  [Microsoft Corporation, 3.1.620.0 (ZUNE_DORADO_V3.01_RTM(pegblder).081110-1150)]

[PID: 2496 / Ann][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]

[PID: 1740 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

[PID: 2596 / Ann][C:\Program Files\Microsoft ActiveSync\wcescomm.exe]  [Microsoft Corporation, 4.5.5096.0]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 3356 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 8.0.2.20]

	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 8.0.2.20]

	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 8.0.2.20]

[PID: 496 / Ann][C:\PROGRA~1\MICROS~4\rapimgr.exe]  [Microsoft Corporation, 4.5.5096.0]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 772 / Ann][C:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

[PID: 1128 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe]  [Lavasoft, 7,1,0,12]

	[C:\Program Files\Lavasoft\Ad-Aware\CEAPI.dll]  [Lavasoft, 7,1,0,13]

	[C:\Program Files\Lavasoft\Ad-Aware\PKArchive85u.dll]  [PKWARE, Inc., 8.4.1045.0]

[PID: 364 / Ann][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

[PID: 3496 / Ann][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll]  [CA, Inc., 1.1.0.26]

	[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll]  [CA, Inc., 1.1.0.26]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]

	[C:\Program Files\Microsoft Money\System\mnyside.dll]  [Microsoft Corporation, 11.00.0716]

	[C:\Program Files\Microsoft Money\System\misstub.dll]  [Microsoft Corporation, 11.00.0716]

	[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll]  [Sun Microsystems, Inc., 5.0.60.5]

	[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4446]

	[C:\Program Files\QuickTime\QTPlugin.ocx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx]  [Apple Computer, Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx]  [Apple Inc., 7.6.4]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx]  [Apple Inc., 7.5.5 (990.7)]

	[C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx]  [Apple Inc., 7.5.5 (990.7)]

[PID: 3916 / Ann][C:\Documents and Settings\Ann\Desktop\Sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]

[PID: 820 / Ann][C:\Documents and Settings\Ann\Desktop\Sreng2\SREad9d75ef.EXE]  [Smallfrogs Studio, 2.8.1.1279]

	[C:\Documents and Settings\Ann\Desktop\Sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]

	[C:\WINDOWS\system32\VetRedir.dll]  [Computer Associates International, Inc., Version 8.0.8.0]

	[C:\WINDOWS\system32\ISafeIf.dll]  [Computer Associates International, Inc., Version 8.0.8.0]



==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock Provider

CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]

	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)

CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]

	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)

CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]

	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)

CA ISafe LSP

	C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)



==================================

Autorun.Inf

N/A



==================================

HOSTS File

127.0.0.1	   localhost



==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1808, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1672, C:\WINDOWS\SYSTEM32\CSHELPER.EXE]

Special Privileges Enabled: SeSystemtimePrivilege [PID = 1672, C:\WINDOWS\SYSTEM32\CSHELPER.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3320, C:\WINDOWS\SYSTEM32\WLTRAY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3616, C:\WINDOWS\STSYSTRA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3676, C:\PROGRAM FILES\DVD43\DVD43_TRAY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3916, C:\DOCUMENTS AND SETTINGS\ANN\DESKTOP\SRENG2\SRENGLDR.EXE]



==================================

Scheduled Tasks

[Enabled] CAAntiSpywareScan_Daily as Ann at 4 24 PM.job

		C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe 

[Enabled] AppleSoftwareUpdate.job

		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 



==================================

Windows Security Update Check

KB892130,  Windows Genuine Advantage Validation Tool (KB892130) 

KB925766,  Update Rollup for Windows XP Media Center Edition 2005 (KB925766) 

KB925850,  Windows Media Player 11 (for Windows Media Center Edition 2005) 

KB940157,  Windows Search 4.0 for Windows XP (KB940157) 

KB943729,  Group Policy Preference Client Side Extensions for Windows XP (KB943729) 

KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 

KB909520,  Zune Software 4.0 

KB909520,  Windows Live Essentials 

KB931125,  Update for Root Certificates [September 2009] (KB931125) 



==================================

API HOOK

N/A



==================================

Hidden Process

N/A



==================================


#6 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:17 AM

Posted 27 September 2009 - 06:48 PM

Now that you were successful in creating a System Repair Engineer log you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully
The HJT team is extremely busy, so be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users