Windows Error - gasfkyccofnjsu.dll


  • This topic is locked
13 replies to this topic

#1 pculter

Posted 28 September 2009 - 10:22 AM

Ever since I used Malwarebytes to remove the Windows Police Pro malware, every time I try and open any program, I get the following error in a Windows pop-up box:

The application or DLL globalroot\systemroot\system32\gasfkyccofnjsu.dll is not a valid Windows image. Please check this against your installation diskette.
After I click OK on the window, the program seems to open up perfectly fine.

Garmanma asked me to create the following System Engineer Repair Log and post in this forum.

Thanking you in advance,
Paul


CODE
2009-09-26,23:45:22

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Shockwave Updater><C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; Zune 3.0)" -"http://www.cartoonnetwork.com/games/scooby/bayouscooby/index.html"> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<cctray><"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"> [(Verified)CA]
<CAVRID><"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"> [(Verified)CA]
<capfupgrade><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe> [(Verified)CA]
<capfasem><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe> [(Verified)CA]
<cafwc><C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl> [(Verified)CA]
<Broadcom Wireless Manager UI><C:\WINDOWS\system32\WLTRAY.exe> [Dell Inc.]
<igfxtray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SigmatelSysTrayApp><stsystra.exe> [SigmaTel, Inc.]
<dvd43><C:\Program Files\dvd43\dvd43_tray.exe> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<Zune Launcher><"c:\Program Files\Zune\ZuneLauncher.exe"> [(Verified)Microsoft Corporation]
<Malwarebytes Anti-Malware (reboot)><"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript> [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
<WinlogonNotify: PFW><UmxWnp.Dll> [(Verified)CA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Aim6><; > [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DLA><; C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"> [CyberLink Corp.]
<Easy Dock><; > [N/A]
<ehTray><; C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<hcsystray><; > [N/A]
<ISUSPM Startup><; c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [File is missing]
<medicsp2><; C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2> [(Verified)"SupportSoft, Inc."]
<NoteBurner><; > [N/A]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<swg><; > [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Zune Launcher><; "c:\Program Files\Zune\ZuneLauncher.exe"> [(Verified)Microsoft Corporation]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[CaCCProvSP / CaCCProvSP][Running/Manual Start]
<"C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"><CA, Inc.>
[CAISafe / CAISafe][Running/Auto Start]
<C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe><Computer Associates International, Inc.>
[CopySafe Helper Service / CSHelper][Running/Auto Start]
<C:\WINDOWS\system32\CSHelper.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[CA Pest Patrol Realtime Protection Service / ITMRTSVC][Running/Auto Start]
<"C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe"><CA, Inc.>
[MHN / MHN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mhn.dll><Microsoft Corporation>
[PPCtlPriv / PPCtlPriv][Running/Manual Start]
<"C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe"><CA, Inc.>
[SupportSoft Sprocket Service (medicsp2) / sprtsvc_medicsp2][Running/Auto Start]
<C:\Program Files\twc\medicsp2\bin\sprtsvc.exe /service /p medicsp2><SupportSoft, Inc.>
[HIPS Event Manager / UmxAgent][Running/Auto Start]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"><CA>
[HIPS Configuration Interpreter / UmxCfg][Running/Auto Start]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"><CA>
[HIPS Firewall Helper / UmxFwHlp][Running/Auto Start]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe"><CA>
[HIPS Policy Manager / UmxPol][Running/Auto Start]
<"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"><CA>
[VET Message Service / VETMSGNT][Running/Auto Start]
<C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe><CA, Inc.>
[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]
<C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>
[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"><Lavasoft>

==================================
Drivers
[Dell Wireless WLAN Card Driver / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[CDAVFS / CDAVFS][Stopped/Manual Start]
<system32\DRIVERS\CDAVFS.sys><N/A>
[DLABOIOM / DLABOIOM][Running/Auto Start]
<System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
<System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
<System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
<System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
<System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
<System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
<System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
<System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
<System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[DRVMCDB / DRVMCDB][Running/Boot Start]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
<System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[dvd43llh / dvd43llh][Running/Manual Start]
<System32\DRIVERS\dvd43llh.sys><RIF>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows ® Server 2003 DDK provider>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
<system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KmxAgent / KmxAgent][Running/System Start]
<System32\DRIVERS\kmxagent.sys><CA>
[KmxCF / KmxCF][Running/Auto Start]
<System32\DRIVERS\KmxCF.sys><CA>
[KmxCfg / KmxCfg][Running/Manual Start]
<System32\DRIVERS\kmxcfg.sys><CA>
[KmxFile / KmxFile][Running/System Start]
<System32\DRIVERS\KmxFile.sys><CA>
[KmxFw / KmxFw][Running/System Start]
<System32\DRIVERS\kmxfw.sys><CA>
[KmxSbx / KmxSbx][Running/Auto Start]
<System32\DRIVERS\KmxSbx.sys><CA>
[KmxStart / KmxStart][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\kmxstart.sys><CA>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MHN driver / MHNDRV][Stopped/Manual Start]
<system32\DRIVERS\mhndrv.sys><Microsoft Corporation>
[ntcdrdrv / ntcdrdrv][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\ntcdrdrv.sys><N/A>
[ZTekWare Original CD Emulator Service / OCDE][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\OCDE.sys><N/A>
[OMCI / OMCI][Running/System Start]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[rimmptsk / rimmptsk][Running/Manual Start]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
<system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
<system32\drivers\sthda.sys><SigmaTel, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\DRIVERS\UIUSYS.SYS><N/A>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} <, >
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, (Signed) Microsoft Corporation>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[]
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3D.dll, (Signed) Microsoft Corporation.>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[Symantec AntiVirus scanner]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, (Signed) Symantec Corporation>
[Snapfish Activia]
{406B5949-7190-4245-91A9-30A17DE16AD0} <C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>
[Oracle JInitiator 1.1.8.18]
{5e2a3510-4371-11d6-b64c-00c04faedb18} <C:\Program Files\Oracle\JInitiator 1.1.8.19\bin\beans.ocx, Oracle Corporation>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, (Signed) Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, (Signed) Symantec Corporation>
[Groove Control]
{77E32299-629F-43C6-AB77-6A1E6D7663F6} <C:\WINDOWS\Downloaded Program Files\GrooveAX.dll, (Signed) The Groove Alliance>
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[cpbrkpie Control]
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} <C:\WINDOWS\COUPON~1.OCX, (Signed) >
[InetDownload Class]
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} <C:\WINDOWS\Downloaded Program Files\WMDownload.dll, Approach Inc.>
[View22RTE Class]
{BCBC9371-595D-11D4-A96D-00105A1CEF6C} <C:\WINDOWS\Downloaded Program Files\View22RTE.dll, View22>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[CTAdjust Class]
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >
[]
{01111C00-3E00-11D2-8470-0060089874ED} <, >
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[MetaStreamCtl Class]
{03F998B2-0E00-11D3-A498-00104B6EB52E} <C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll, Viewpoint Corporation>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[ArtistScope Control]
{0CD74ED1-A8A0-43CF-91C6-FB5C10B93460} <C:\PROGRA~1\INTERN~1\plugins\ARTIST~1.OCX, (Signed) ArtistScope>
[]
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3D.dll, (Signed) Microsoft Corporation.>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[MetaStreamCtl Class]
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} <C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll, Viewpoint Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Symantec AntiVirus scanner]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, (Signed) Symantec Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[SentinelProxy Class]
{3BB1D69B-A780-4BE1-876E-F3D488877135} <C:\Program Files\Virtual Earth 3D\SentinelVirtualEarth3DProxy.dll, (Signed) Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[Snapfish Activia]
{406B5949-7190-4245-91A9-30A17DE16AD0} <C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[EPUImageControl Class]
{4C39376E-FA9D-4349-BACC-D305C1750EF3} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Glassbook Detecter Class]
{4F878398-E58A-11D3-BEE9-00C04FA0D6BA} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\GbDetect.dll, Adobe Systems Incorporated>
[]
{549F957E-2F89-11D6-8CFE-00C04F52B225} <, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.5.0_06\bin\JavaWebStart.dll, Sun Microsystems, Inc.>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>
[Oracle JInitiator 1.1.8.18]
{5E2A3510-4371-11D6-B64C-00C04FAEDB18} <C:\Program Files\Oracle\JInitiator 1.1.8.19\bin\beans.ocx, Oracle Corporation>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, (Signed) Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, (Signed) Symantec Corporation>
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[DivXBrowserPlugin Object]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Microsoft.MapPoint.MapControl3D.MapControl]
{68BFC611-B963-4E8C-B0FE-0DD4FB832796} <mscoree.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[]
{85D1F590-48F4-11D9-9669-0800200C9A66} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[]
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} <, >
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Safety Center Control Module]
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} <, >
[cpbrkpie Control]
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} <C:\WINDOWS\COUPON~1.OCX, (Signed) >
[CDIGStreamClientInfo Object]
{AAF15A90-F3EC-4FEE-9A00-F65B25B83D05} <C:\Program Files\DIGStream\locator.dll, Walt Disney Internet Group>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} <, >
[EPUImageControl Class]
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, (Signed) Adobe Systems Incorporated>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Url Search Hook]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[CTAdjust Class]
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed) Microsoft Corporation>
[]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} <, >
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{E3E02F12-2ADB-478C-8742-5F0819F9F0F4} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>
[]
{e473a65c-8087-49a3-affd-c5bc4a10669b} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>
[WebViewFolderIcon Class]
{E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, (Signed) Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Scripting.Dictionary]
{EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, (Signed) Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>
[]
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} <"C:\Documents and Settings\Ann\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll", N/A>
[]
{FDD3B846-8D59-4FFB-8758-209B6AD74ACC} <, >

==================================
Running Processes
[PID: 876 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 940 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 964 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UmxWnp.Dll] [CA, 6, 0, 0, 5]
[C:\WINDOWS\System32\BCMLogon.dll] [Broadcom Corporation, 4.10.47.3]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1216 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1320 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1360 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1408 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1504 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[PID: 1796 / SYSTEM][C:\WINDOWS\System32\WLTRYSVC.EXE] [N/A, ]
[PID: 1808 / SYSTEM][C:\WINDOWS\System32\bcmwltry.exe] [Dell Inc., 4.10.47.3]
[C:\WINDOWS\System32\bcm1xsup.dll] [N/A, ]
[C:\WINDOWS\System32\bcmwlpkt.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\atl71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\wltrynt.dll] [Broadcom Corporation, 4.10.47.3]
[PID: 1856 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\custmon32.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1868 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe] [CA, 1.0.2.183]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxXmlSd.dll] [CA, 1.2.0.202]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPthEx.dll] [CA, 1.0.0.32]
[PID: 1908 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe] [CA, 6.5.5.6]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1964 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe] [CA, 6.0.0.47]
[PID: 1996 / SYSTEM][C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe] [CA, 6, 0, 1, 202]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwCli.dll] [CA, 6.5.4.7]
[PID: 1224 / Ann][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 2, 0, 0]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\avshlext.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 1400 / Ann][C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll] [Computer Associates International, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll] [CA, Inc., Version 3.2.1.21]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxEventCli.dll] [CA, 1, 0, 0, 40]
[PID: 1568 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple Inc., 2.12.33.0]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1588 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1616 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafServ.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\iSafProd.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\Arclib.dll] [CA, Inc., 8.1.4.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafeEngine.dll] [CA, Inc., Version 31.6.0.0]
[PID: 1672 / SYSTEM][C:\WINDOWS\system32\CSHelper.exe] [N/A, ]
[C:\WINDOWS\system32\CSInstru.dll] [Art Dept (nsw) Pty Ltd, 3, 1, 2, 5]
[PID: 1960 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.2773 (xpsp(wmbla).051011-0745)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\quartz.dll] [, ]
[C:\WINDOWS\system32\devenum.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 188 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [(Verified) Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1239)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 332 / SYSTEM][C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\Common Files\Scanner\ppctl.dll] [CA, 5.6.9.5]
[PID: 640 / SYSTEM][C:\Program Files\twc\medicsp2\bin\sprtsvc.exe] [SupportSoft, Inc., 6,9,2018,0]
[C:\Program Files\twc\medicsp2\bin\sprtsched.dll] [SupportSoft, Inc., 6,9,2018,0]
[C:\Program Files\twc\medicsp2\bin\sprtsync.dll] [SupportSoft, Inc., 6,9,2018,0]
[C:\Program Files\twc\medicsp2\bin\LIBEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 728 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 676 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\DriverIf.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetNtMsg.dll] [CA, Inc., Version 8.4.0.28]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 1604 / SYSTEM][c:\WINDOWS\system32\ZuneBusEnum.exe] [Microsoft Corporation, 3.1.620.0 (ZUNE_DORADO_V3.01_RTM(pegblder).081110-1150)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 2128 / LOCAL SERVICE][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1239)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 2588 / Ann][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2628 / Ann][C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll] [CA, Inc., Version 3.2.1.21]
[C:\Program Files\CA\CA Internet Security Suite\ccissImg.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccissPrd.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccissRes.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\cctray\cafwsystrayapi.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayaspyplugin.dll] [CA, Inc., 9, 0, 0, 9]
[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll] [CA, Inc., Version 3.2.1.20]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\ePFBPLMA.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyConst.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyResource.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyImages.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\CA Internet Security Suite\caaspyinterface.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll] [Computer Associates International, Inc., Version 3.2.1.19]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAISSLicMod.dll] [CA, 1, 0, 0, 4]
[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL] [CA, Inc., Version 3.2.1.19]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\driverif.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavProduct.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavResource.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavImages.dll] [CA, Inc., Version 8.4.0.28]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\CA\CA Internet Security Suite\calic.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\License.dll] [N/A, ]
[C:\Program Files\CA\CA Internet Security Suite\caissresource.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\caISSImages.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\caISSProduct.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\Program Files\CA\CA Internet Security Suite\CCUpdIf.dll] [CA, Inc., Version 3.2.1.19]
[PID: 2744 / Ann][C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll] [CA, Inc., Version 3.2.1.21]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavProduct.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavResource.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\caavImages.dll] [CA, Inc., Version 8.4.0.28]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll] [CA, Inc., Version 3.2.1.19]
[PID: 2932 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 3040 / Ann][C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\ePFBPLASE.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll] [CA, Inc., Version 3.2.1.21]
[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll] [Computer Associates International, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwProduct.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwResource.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafwImages.dll] [CA, Inc., Version 9.1.0.38]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxEventCli.dll] [CA, 1, 0, 0, 40]
[C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPthEx.dll] [CA, 1.0.0.32]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 3308 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 3320 / Ann][C:\WINDOWS\system32\WLTRAY.exe] [Dell Inc., 4.10.47.3]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\atl71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 3448 / Ann][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446]
[PID: 3552 / Ann][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4446]
[PID: 3616 / Ann][C:\WINDOWS\stsystra.exe] [SigmaTel, Inc., 1.0.4995.1 nd446 cp1]
[C:\WINDOWS\system32\STLang.dll] [SigmaTel, Inc., 1.1.4991.0 nd229 cp1]
[C:\WINDOWS\system32\stacapi.dll] [SigmaTel, Inc., 1.0.4995.1 nd446 cp1]
[PID: 3676 / Ann][C:\Program Files\dvd43\dvd43_tray.exe] [, 3.9.0.0]
[PID: 3868 / Ann][C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe] [CA, Inc., 9, 1, 0, 2]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ITMRTAPI.dll] [CA, Inc., 1.1.0.32]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrm.dll] [CA, Inc., Version 3.2.1.21]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyConst.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyResource.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\caAspyImages.dll] [CA, Inc., 9.1.0.22]
[C:\Program Files\CA\CA Internet Security Suite\ccGUIFrmRes.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\ccpriv.dll] [Computer Associates International, Inc., Version 3.2.1.19]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAISSLicMod.dll] [CA, 1, 0, 0, 4]
[C:\Program Files\CA\CA Internet Security Suite\EZAVLIC.DLL] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\calic.dll] [CA, Inc., Version 3.2.1.19]
[C:\Program Files\CA\CA Internet Security Suite\License.dll] [N/A, ]
[C:\Program Files\Common Files\Scanner\ppctl.dll] [CA, 5.6.9.5]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 3876 / SYSTEM][C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe] [CA, Inc., 9.1.0.9]
[C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ITMRTAPI.dll] [CA, Inc., 1.1.0.32]
[PID: 3928 / Ann][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 8.0.2.20]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 8.0.2.20]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 8.0.2.20]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 185.11.0.10]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 532 / Ann][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4446]
[PID: 636 / SYSTEM][C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe] [CA, Inc., Version 3.2.1.19]
[PID: 1884 / Ann][C:\Program Files\Zune\ZuneLauncher.exe] [Microsoft Corporation, 3.1.620.0 (ZUNE_DORADO_V3.01_RTM(pegblder).081110-1150)]
[PID: 2496 / Ann][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[PID: 1740 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[PID: 2596 / Ann][C:\Program Files\Microsoft ActiveSync\wcescomm.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 3356 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 8.0.2.20]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Inc., 8.0.2.20]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 8.0.2.20]
[PID: 496 / Ann][C:\PROGRA~1\MICROS~4\rapimgr.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 772 / Ann][C:\WINDOWS\system32\wscntfy.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 1128 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe] [Lavasoft, 7,1,0,12]
[C:\Program Files\Lavasoft\Ad-Aware\CEAPI.dll] [Lavasoft, 7,1,0,13]
[C:\Program Files\Lavasoft\Ad-Aware\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0]
[PID: 364 / Ann][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4446]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[PID: 3496 / Ann][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAHook.dll] [CA, Inc., 1.1.0.26]
[C:\Program Files\CA\SharedComponents\PPRT\bin\CAServer.dll] [CA, Inc., 1.1.0.26]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Microsoft Money\System\mnyside.dll] [Microsoft Corporation, 11.00.0716]
[C:\Program Files\Microsoft Money\System\misstub.dll] [Microsoft Corporation, 11.00.0716]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4446]
[C:\Program Files\QuickTime\QTPlugin.ocx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx] [Apple Computer, Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx] [Apple Inc., 7.6.4]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx] [Apple Inc., 7.5.5 (990.7)]
[PID: 3916 / Ann][C:\Documents and Settings\Ann\Desktop\Sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 820 / Ann][C:\Documents and Settings\Ann\Desktop\Sreng2\SREad9d75ef.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Documents and Settings\Ann\Desktop\Sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Inc., 1,0,5,11]
[C:\WINDOWS\system32\VetRedir.dll] [Computer Associates International, Inc., Version 8.0.8.0]
[C:\WINDOWS\system32\ISafeIf.dll] [Computer Associates International, Inc., Version 8.0.8.0]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)
CA ISafe LSP
C:\WINDOWS\system32\VetRedir.dll(Computer Associates International, Inc., CA ISafe LSP DLL)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1808, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1672, C:\WINDOWS\SYSTEM32\CSHELPER.EXE]
Special Privileges Enabled: SeSystemtimePrivilege [PID = 1672, C:\WINDOWS\SYSTEM32\CSHELPER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3320, C:\WINDOWS\SYSTEM32\WLTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3616, C:\WINDOWS\STSYSTRA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3676, C:\PROGRAM FILES\DVD43\DVD43_TRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3916, C:\DOCUMENTS AND SETTINGS\ANN\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] CAAntiSpywareScan_Daily as Ann at 4 24 PM.job
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe
[Enabled] AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe

==================================
Windows Security Update Check
KB892130, Windows Genuine Advantage Validation Tool (KB892130)
KB925766, Update Rollup for Windows XP Media Center Edition 2005 (KB925766)
KB925850, Windows Media Player 11 (for Windows Media Center Edition 2005)
KB940157, Windows Search 4.0 for Windows XP (KB940157)
KB943729, Group Policy Preference Client Side Extensions for Windows XP (KB943729)
KB909520, Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520)
KB909520, Zune Software 4.0
KB909520, Windows Live Essentials
KB931125, Update for Root Certificates [September 2009] (KB931125)

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

#2 JSntgRvr


Posted 28 September 2009 - 11:56 AM

Hi, pculter :(

Welcome.

Please read and follow all these instructions very carefully.

Download the enclosed folder. [attachment=32154:IastorSearch.zip] Save and extract its contents to the desktop. Once extracted, click on the RunMe.bat and post the resulting report. This scan will take a considerable amount of time. Be patient.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================================


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 pculter


Posted 28 September 2009 - 06:40 PM

----a-w 871,040 2005-04-25 15:28:14 C:\WINDOWS\dell\iastor\iastor.sys

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 871,040 Blocks: 1,702

#4 JSntgRvr


Posted 28 September 2009 - 07:36 PM

Hi, pculter :(

I will need to see the reports requested. Also:

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
gasfkyccofnjsu.dll

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.



#5 pculter


Posted 28 September 2009 - 08:33 PM

ComboFix 09-09-28.01 - Ann 09/28/2009 21:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.549 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\Shared
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\391c618.msp
c:\windows\Installer\391c619.msp
c:\windows\kb913800.exe
c:\windows\system32\gasfkyccofnjsu.dll
c:\windows\system32\gasfkykvlfrsbk.dat
c:\windows\system32\gasfkyvaixbdle.dll
c:\windows\system32\gasfkywvfxglra.dll
c:\windows\system32\gasfkyxgaehvkc.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkysakxoxwy
-------\Service_gasfkysakxoxwy


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-28 23:52 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 23:52 . 2009-09-28 23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 23:52 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 23:21 . 2009-09-29 00:45 -------- d-----w- c:\program files\mldoep
2009-09-24 04:27 . 2009-09-24 04:27 -------- d-----w- c:\documents and settings\Ann\Application Data\Malwarebytes
2009-09-24 04:27 . 2009-09-24 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-24 04:08 . 2009-09-24 04:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-14 13:24 . 2009-09-14 13:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-13 14:35 . 2009-09-13 14:35 -------- d-sh--w- c:\documents and settings\Ann\PrivacIE
2009-09-13 14:33 . 2009-09-13 14:33 -------- d-sh--w- c:\documents and settings\Ann\IETldCache
2009-09-13 14:22 . 2009-09-13 14:22 -------- d-----w- c:\windows\ie8updates
2009-09-13 14:17 . 2009-09-13 14:18 -------- dc-h--w- c:\windows\ie8
2009-09-13 14:14 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-13 14:13 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 14:13 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-08 20:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-09-29 01:21 . 2008-05-25 03:52 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-29 01:21 . 2008-05-25 03:52 300058 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-09-28 01:20 . 2006-09-09 15:28 56 --sh--r- c:\windows\system32\AC63E6BEDF.sys
2009-09-28 01:20 . 2006-09-09 15:28 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-26 02:39 . 2008-04-04 00:27 -------- d-----w- c:\program files\Coupons
2009-09-25 22:57 . 2007-07-11 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-25 21:53 . 2007-07-11 19:25 -------- d-----w- c:\program files\Lavasoft
2009-09-25 21:53 . 2007-07-11 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-24 03:47 . 2008-07-30 23:00 -------- d-----w- c:\documents and settings\Ann\Application Data\wootalyzer
2009-09-12 20:49 . 2006-08-17 23:41 -------- d-----w- c:\documents and settings\Ann\Application Data\AdobeUM
2009-09-09 12:39 . 2009-03-17 01:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-27 02:04 . 2006-08-16 03:53 35152 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 23:42 . 2006-09-28 02:53 -------- d-----w- c:\program files\PokerStars.NET
2009-08-22 07:12 . 2009-08-22 07:12 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:11 . 2009-08-22 07:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 02:08 . 2008-07-13 04:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-10 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2009-07-31 230664]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
"QOELOADER"="c:\program files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-24 14088]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2/21/2008 9:14 PM 202280]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/14/2009 12:00 AM 266240]
S3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys --> c:\windows\system32\DRIVERS\CDAVFS.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-09-16 c:\windows\Tasks\CAAntiSpywareScan_Daily as Ann at 4 24 PM.job
- c:\program files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe [2007-08-17 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\VetRedir.dll
DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18}
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\mi8pro22.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-swg - (no file)
HKLM-Run-Easy Dock - (no file)
HKLM-Run-hcsystray - (no file)
HKLM-Run-NoteBurner - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\UmxWnp.Dll
c:\windows\System32\BCMLogon.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(1788)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
.
**************************************************************************
.
Completion time: 2009-09-29 21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 01:30

Pre-Run: 3,125,342,208 bytes free
Post-Run: 4,202,164,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

304 --- E O F --- 2009-09-14 11:05

#6 pculter


Posted 28 September 2009 - 08:40 PM

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.6.0

; Results at 9/28/2009 9:36:28 PM for strings:
; 'gasfkyccofnjsu.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

#7 JSntgRvr


Posted 28 September 2009 - 11:18 PM

Hi, pculter :(

From the contents of your post, it seems that you have been the victim of a Backdoor.Trojan.

Backdoor.Trojan is a generic detection for a group of Trojan horse programs that open a back door and allow a remote attacker to have unauthorized access to the compromised computer.

Please refer to the following article.

http://www.dslreports.com/faq/10063

We won't ask a member to reformat the computer, but you should have that in mind. If you are still making financial transactions with your computer, I would suggest you contact all financial institutions you deal with and change your password using another computer.

Let's check for remnants:

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!
  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.



#8 pculter


Posted 29 September 2009 - 06:13 PM

I went to the website via the link and followed the instructions and clicked start in Internet Explorer. After 2 1/2 hours, nothing happened.

#9 JSntgRvr


Posted 29 September 2009 - 08:26 PM

As an alternate scan, please do an online scan with Kaspersky WebScanner.

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")



#10 pculter


Posted 30 September 2009 - 07:21 PM

I followed the directions, ran the Kaspersky Web Scanner twice, but no log was created. The end result after the scan was complete was that it said NO THREAT FOUND.

#11 JSntgRvr


Posted 30 September 2009 - 11:49 PM

Hi, pculter :(

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.
How is the computer doing?



#12 pculter


Posted 01 October 2009 - 05:54 PM

Computer seems to be working fine now.

I did type in the ComboFix /u and it told me that the file was not found. Is this an issue?

Paul

#13 JSntgRvr


Posted 01 October 2009 - 08:24 PM

Computer seems to be working fine now.

I did type in the ComboFix /u and it told me that the file was not found. Is this an issue?

Paul

Perhaps you removed the one saved in c:\documents and settings\Ann\Desktop\ComboFix.exe

If you still have that copy, run it as follows:

"c:\documents and settings\Ann\Desktop\ComboFix.exe" /u

Include the quotation marks and there is a space between " and /u.

It is necessary to run that command to remove the quarantined items and tools.

The following is a list of free tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - A useful tool which can search and annihilate bad files that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills bad files that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep bad files from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those bad files that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!



#14 JSntgRvr


Posted 04 October 2009 - 07:23 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





