Win32.Trojandownloader.zlob cannot be deleted
Harbino
Hi, I just recently scanned my computer with Ad-Aware SE due to pop-ups coming up saying I have been infected, from programs not even on my computer, and I have found a Win32.Trojandownloader.zlob in my computer's registry. I deleted it but it keeps coming back. I know there are other posts about this topic but I didn't understand them. Below I have posted a HijackThis log and an Ad-Aware log. I am running Ad-Aware SE Build 1.06r1.



Logfile of HijackThis v1.99.1
Scan saved at 12:49:41, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\Ashley\Desktop\Malicious Software Removal.exe
d:\d802393cd733826d86\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Ashley\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\MMediaCodec\isaddon.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9FE3E5EF-3C17-48C8-B798-933771FBCF02} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Info Display.LNK = C:\Program Files\Medion Info Display\MdionLCM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/telepo...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe





Ad-Aware SE Build 1.06r1
Logfile Created on:14 October 2006 13:15:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R126 12.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):19 total references
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


14-10-2006 13:15:12 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Ashley\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-316843357-2820600743-1359460995-1010\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 760
ThreadCreationTime : 14-10-2006 11:11:40
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 14-10-2006 11:11:46
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 14-10-2006 11:11:48
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 14-10-2006 11:11:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 14-10-2006 11:11:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 14-10-2006 11:11:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1428
ThreadCreationTime : 14-10-2006 11:11:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1728
ThreadCreationTime : 14-10-2006 11:11:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [fws.exe]
FilePath : C:\Program Files\blueyonder\PCguard\
ProcessID : 1764
ThreadCreationTime : 14-10-2006 11:11:49
BasePriority : Normal
FileVersion : 5.5.1.4542
ProductVersion : 5.5.1.4542
ProductName : Radialpoint Security Services 5.5.1
CompanyName : Radialpoint Inc.
FileDescription : Radialpoint 5.5.1
InternalName : Radialpoint Client
LegalCopyright : Copyright © 2002-2006
LegalTrademarks : Radialpoint Inc.
OriginalFilename : Freedom.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1844
ThreadCreationTime : 14-10-2006 11:11:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1904
ThreadCreationTime : 14-10-2006 11:11:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 896
ThreadCreationTime : 14-10-2006 11:11:50
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 14-10-2006 11:11:51
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 14-10-2006 11:11:51
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [cdantsrv.exe]
FilePath : C:\WINDOWS\system32\DRIVERS\
ProcessID : 152
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 3.24.010
ProductVersion : 3.24.010 Windows NT 2001/10/10
ProductName : CD-Secure/CD-Compress Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:16 [clcapsvc.exe]
FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
ProcessID : 232
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 4.05.2225
ProductVersion : 4.05.2225
ProductName : CLCapSvc Module
FileDescription : CLCapSvc Module
InternalName : CLCapSvc
LegalCopyright : Copyright 2004
OriginalFilename : CLCapSvc.EXE

#:17 [clmlserver.exe]
FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\
ProcessID : 256
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 2, 1, 0, 2221
ProductVersion : 2, 1, 0, 2221
ProductName : Cyberlink Media Library Server
CompanyName : Cyberlink
FileDescription : NT CLMLServer
InternalName : NT CLMLServer
LegalCopyright : Copyright c 2004
OriginalFilename : CLMLServer.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 432
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ProcessID : 528
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 1.4.39.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:20 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 6.14.10.8421
ProductVersion : 6.14.10.8421
ProductName : NVIDIA Driver Helper Service, Version 84.21
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 84.21
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:21 [richvideo.exe]
FilePath : C:\Program Files\CyberLink\Shared Files\
ProcessID : 608
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 1.1.0808
ProductVersion : 1.1.0808
ProductName : RichVideo Module
FileDescription : RichVideo Module
InternalName : RichVideo
LegalCopyright : Copyright 2004
OriginalFilename : RichVideo.EXE

#:22 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 1628
ThreadCreationTime : 14-10-2006 11:12:00
BasePriority : Normal
FileVersion : 11.0.5705.5043 (WMP_11.060824-1905)
ProductVersion : 11.0.5705.5043
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:23 [clsched.exe]
FilePath : C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\
ProcessID : 1104
ThreadCreationTime : 14-10-2006 11:12:01
BasePriority : Normal
FileVersion : 4.05.2225
ProductVersion : 4.05.2225
ProductName : CLSched Module
FileDescription : CLSched Module
InternalName : CLSched
LegalCopyright : Copyright 2004
OriginalFilename : CLSched.EXE

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1672
ThreadCreationTime : 14-10-2006 11:12:02
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [isamonitor.exe]
FilePath : C:\Program Files\MMediaCodec\
ProcessID : 2124
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal


#:26 [pmsngr.exe]
FilePath : C:\Program Files\MMediaCodec\
ProcessID : 2136
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal


#:27 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2152
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 2.0.0.8
ProductVersion : 2.0.0.8
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE

#:28 [cmucreye.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2180
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 1, 0, 0, 41
ProductVersion : 1, 0, 0, 41
ProductName : CmCardMonitor Application
FileDescription : CmCardMonitor MFC Application
InternalName : CmCardMonitor
LegalCopyright : Copyright © 2006
OriginalFilename : CmWatch.EXE
Comments : Xp sp1 icon sometime Do Not Appear

#:29 [mdionlcm.exe]
FilePath : C:\Program Files\Medion Info Display\
ProcessID : 2208
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 10, 11, 0, 2005
ProductName : Dritek System Inc. MdionLCM
CompanyName : Dritek System Inc.
FileDescription : LCM Controller for Medion
InternalName : MdionLCM
LegalCopyright : Copyright © 2005
OriginalFilename : MdionLCM.exe

#:30 [mhotkey.exe]
FilePath : C:\WINDOWS\
ProcessID : 2220
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 3, 0, 0, 8
ProductVersion : 3, 0, 0, 0
ProductName : Multimedia Keyboard Driver
FileDescription : Multimedia Keyboard Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2004.
OriginalFilename : mHotkey.res

#:31 [cnyhkey.exe]
FilePath : C:\WINDOWS\
ProcessID : 2228
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 2, 2, 0, 0
ProductName : Chicony Multimedia Driver
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2001 Chicony
OriginalFilename : mHotkey.res

#:32 [isamini.exe]
FilePath : C:\Program Files\MMediaCodec\
ProcessID : 2240
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal


#:33 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2288
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 0.1.0.3427
ProductVersion : 0.1.0.3427
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:34 [pdvdserv.exe]
FilePath : C:\Program Files\Home Cinema\PowerDVD\
ProcessID : 2296
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Realtime
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:35 [pcmservice.exe]
FilePath : C:\Program Files\Home Cinema\PowerCinema\
ProcessID : 2304
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Realtime
FileVersion : 4, 5, 0, 0
ProductVersion : 4, 5, 0, 0
ProductName : Cyberlink PowerCinema
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2005 CyberLink Corp.
OriginalFilename : PCMService.exe

#:36 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2324
ThreadCreationTime : 14-10-2006 11:12:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:37 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2340
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:38 [pcguardadvisor.exe]
FilePath : C:\Program Files\blueyonder\PCguard advisor\
ProcessID : 2352
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 1.3.22.4490
ProductVersion : 1.3.22.4490
ProductName : PCguard advisor
CompanyName : blueyonder
FileDescription : blueyonder PCguard advisor
InternalName : Client Gateway
LegalCopyright : Copyright © 2005
LegalTrademarks : Radialpoint Inc.

#:39 [rps.exe]
FilePath : C:\Program Files\blueyonder\PCguard\
ProcessID : 2360
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 5.5.1.4542
ProductVersion : 5.5.1.4542
ProductName : PCguard
CompanyName : blueyonder
FileDescription : blueyonder PCguard
InternalName : Radialpoint Client
LegalCopyright : Copyright © 2002-2006
LegalTrademarks : Radialpoint Inc.
OriginalFilename : Freedom.exe

#:40 [wdezlink.exe]
FilePath : C:\Program Files\Western Digital Technologies\NetCenter EasyLink\
ProcessID : 2380
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 0, 1, 0, 9
ProductVersion : 0, 1, 0, 9
ProductName : WD NetCenter EasyLink
CompanyName : Western Digital Technologies
FileDescription : WD NetCenter EasyLink™
InternalName : WDEzLink
LegalCopyright : Copyright © 2005, Western Digital Technologies
OriginalFilename : WDEzLink.exe

#:41 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 2388
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 4.1.4841.0
ProductVersion : 4.1.4841
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:42 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2408
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:43 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\
ProcessID : 2444
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 1, 0, 720, 3640
ProductVersion : 1, 0, 720, 3640
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:44 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2464
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal
FileVersion : 11.0.5705.5043 (WMP_11.060824-1905)
ProductVersion : 11.0.5705.5043
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:45 [pmmon.exe]
FilePath : C:\Program Files\MMediaCodec\
ProcessID : 2532
ThreadCreationTime : 14-10-2006 11:12:05
BasePriority : Normal


#:46 [rapimgr.exe]
FilePath : C:\PROGRA~1\MI3AA1~1\
ProcessID : 2640
ThreadCreationTime : 14-10-2006 11:12:06
BasePriority : Normal
FileVersion : 4.1.4841.0
ProductVersion : 4.1.4841
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync RAPI Manager
InternalName : rapimgr
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : rapimgr.exe

#:47 [soffice.exe]
FilePath : C:\Program Files\OpenOffice.org 2.0\program\
ProcessID : 2980
ThreadCreationTime : 14-10-2006 11:12:07
BasePriority : Normal
FileVersion : 1.09.9027
ProductVersion : 1.09.9027
CompanyName : OpenOffice.org
FileDescription : OpenOffice.org 2.0
InternalName : SOFFICE
LegalCopyright : Copyright © 2005 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:48 [soffice.bin]
FilePath : C:\Program Files\OpenOffice.org 2.0\program\
ProcessID : 2992
ThreadCreationTime : 14-10-2006 11:12:07
BasePriority : Normal
FileVersion : 1.09.9027
ProductVersion : 1.09.9027
CompanyName : OpenOffice.org
FileDescription : OpenOffice.org 2.0
InternalName : SOFFICE
LegalCopyright : Copyright © 2005 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:49 [x10nets.exe]
FilePath : C:\PROGRA~1\COMMON~1\X10\Common\
ProcessID : 3176
ThreadCreationTime : 14-10-2006 11:12:10
BasePriority : Realtime
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : x10 Module
CompanyName : X10
FileDescription : X10 Module
InternalName : x10
LegalCopyright : Copyright 1999 X10
OriginalFilename : x10.exe

#:50 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3984
ThreadCreationTime : 14-10-2006 11:12:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:51 [dvpapi.exe]
FilePath : C:\Program Files\Common Files\Command Software\
ProcessID : 664
ThreadCreationTime : 14-10-2006 11:13:52
BasePriority : Normal


#:52 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2776
ThreadCreationTime : 14-10-2006 11:40:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:53 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3788
ThreadCreationTime : 14-10-2006 11:50:16
BasePriority : Normal


#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1552
ThreadCreationTime : 14-10-2006 12:11:38
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
13:18:38 Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:25.563
Objects scanned:110712
Objects identified:2
Objects ignored:0
New critical objects:2
Harbino
Doesn't matter, problem resolved. I used SmitFraud.
