Posts posted by nhoover

  1. Alright, I think I did it right. Used ComboFix to load the Windows recovery control.

    Thanks again

    Here is my new HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:14:39 AM, on 2/26/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\NetWaiting\netWaiting.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendo.com/consumer/systems/w...a/usbaptest.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz...mjolauncher.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 11079 bytes

    Here is my ComboFix log

    ComboFix 09-02-25.02 - Kelly Hughes 2009-02-26 10:44:21.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.163 [GMT -7:00]

    Running from: c:\documents and settings\Kelly Hughes\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    FW: Norton Internet Worm Protection *disabled*

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Previous Run -------

    .

    c:\windows\system32\init32.exe

    c:\windows\system32\uniq.tll

    c:\windows\system32\win32hlp.cnf

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected

    Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_PACKET

    -------\Service_UACd.sys

    ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))

    .

    2009-02-26 09:31 . 2001-08-18 05:00 438,774 --a------ C:\txtsetup.sif

    2009-02-26 09:31 . 2004-08-03 23:00 260,272 --a------ C:\$LDR$

    2009-02-26 09:28 . 2009-02-26 09:32 <DIR> d-------- C:\$WIN_NT$.~LS

    2009-02-26 09:28 . 2009-02-26 09:32 <DIR> d-------- C:\$WIN_NT$.~BT

    2009-02-25 22:21 . 2009-02-25 22:21 <DIR> d-------- c:\program files\Trend Micro

    2009-02-25 20:53 . 2009-02-25 20:53 <DIR> d-------- c:\program files\CCleaner

    2009-02-25 15:35 . 2009-02-25 15:35 <DIR> d-------- c:\documents and settings\Kelly Hughes\Application Data\Malwarebytes

    2009-02-25 15:34 . 2009-02-25 20:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-02-25 15:34 . 2009-02-25 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-02-25 15:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-02-25 15:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-02-17 10:32 . 2009-02-17 10:32 10,520 --a------ c:\windows\system32\avgrsstx.dll

    2009-02-16 06:38 . 2009-02-16 06:38 <DIR> d-------- C:\590cab40124f8aeb1706

    2009-02-13 03:03 . 2009-02-13 03:03 <DIR> d-------- c:\windows\SQL9_KB960089_ENU

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-02-26 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

    2009-02-25 01:35 --------- d-----w c:\program files\DIGStream

    2009-02-23 05:02 --------- d-----w c:\program files\Dl_cats

    2009-02-17 17:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

    2009-02-13 10:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-02-13 10:05 --------- d-----w c:\program files\Microsoft SQL Server

    2009-01-13 00:59 4,780 ----a-w c:\documents and settings\Kelly Hughes\Application Data\wklnhst.dat

    2009-01-12 04:54 --------- d-----w c:\program files\AVG

    2009-01-12 04:31 --------- d-----w c:\program files\Dell

    2009-01-12 04:31 --------- d-----w c:\program files\Common Files\Symantec Shared

    2009-01-12 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

    2009-01-12 04:21 --------- d--h--w c:\documents and settings\Kelly Hughes\Application Data\Gtek

    2009-01-12 04:21 --------- d--h--w c:\documents and settings\Administrator\Application Data\GTek

    2009-01-12 04:18 --------- d--h--w c:\program files\InstallShield Installation Information

    2009-01-12 04:17 --------- d-----w c:\program files\Symantec

    2009-01-12 04:08 --------- d-----w c:\program files\CyberLink

    2009-01-12 04:07 --------- d-----w c:\program files\Common Files\Real

    2009-01-12 04:06 --------- d-----w c:\program files\Yahoo!

    2009-01-12 04:06 --------- d-----w c:\documents and settings\All Users\Application Data\YAHOO

    2009-01-09 02:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2008-10-23 17:44 88 --sh--r c:\windows\system32\EBBF6A9622.sys

    2008-10-23 17:47 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

    2008-10-27 22:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

    "Google Update"="c:\documents and settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-08 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]

    "DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-17 1601304]

    "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-12 24576]

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-02-17 10:32 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-11 325128]

    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-17 298264]

    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]

    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-12-12 29744]

    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    \Shell\AutoRun\command - E:\setup.exe

    .

    Contents of the 'Scheduled Tasks' folder

    2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482559167-1722282797-1090083309-1006.job

    - c:\documents and settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 23:16]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.aol.com/

    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

    DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendo.com/consumer/systems/wii/en_na/usbaptest.cab

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-02-26 10:51:40

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    c:\windows\explorer.exe [1896] 0x84A5E990

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)

    c:\windows\system32\Ati2evxx.dll

    c:\windows\System32\BCMLogon.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\ati2evxx.exe

    c:\windows\system32\ati2evxx.exe

    c:\windows\system32\WLTRYSVC.EXE

    c:\windows\system32\BCMWLTRY.EXE

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    c:\windows\ehome\ehrecvr.exe

    c:\windows\ehome\ehSched.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    c:\windows\ehome\mcrdsvc.exe

    c:\program files\AVG\AVG8\avgrsx.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\system32\dllhost.exe

    c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    c:\windows\ehome\ehmsas.exe

    c:\windows\system32\rundll32.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE

    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    .

    **************************************************************************

    .

    Completion time: 2009-02-26 11:02:46 - machine was rebooted [Kelly Hughes]

    ComboFix-quarantined-files.txt 2009-02-26 18:02:36

    Pre-Run: 23,856,349,184 bytes free

    Post-Run: 23,839,805,440 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot Loader]

    Timeout=2

    Default=c:\$win_nt$.~bt\BOOTSECT.DAT

    [Operating Systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Setup"

    191 --- E O F --- 2009-02-26 04:08:44

  2. I'm trying to clean a friend's computer and I'm hoping to get some help. I've gone about as far as I can.

    I get a Trojan Horse SHeur2.SEO from AVG and Malware keeps finding the same files as well.

    Thanks ahead of time for any help or insight

    Here is my Malwarebytes Quick Scan Log

    Malwarebytes' Anti-Malware 1.34

    Database version: 1804

    Windows 5.1.2600 Service Pack 3

    2/25/2009 10:36:25 PM

    mbam-log-2009-02-25 (22-36-25).txt

    Scan type: Quick Scan

    Objects scanned: 72381

    Time elapsed: 8 minute(s), 53 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 2

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    And my HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:22:13 PM, on 2/25/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\NetWaiting\netWaiting.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\Program Files\AVG\AVG8\avgscanx.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212

    R3 - Default URLSearchHook is missing

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kelly Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendo.com/consumer/systems/w...a/usbaptest.cab

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab

    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz...mjolauncher.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 11618 bytes
