Help: Malwarebytes won't remove two files


I have been fighting a virus for about a week and I have tried everything to remove these 2 files:

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

I got these (or the other way around) through "Windows Anti Virus Pro", which is gone now, but something keeps reinstalling it.

My computer:

AMD Phenom II X2 3.1

1 GB DDR3

Windows XP Pro

Service Pack 2

Norton antivirus 2010 beta

Considering I'm on a tight budget and the hard drive was given to me with a fresh XP install and no disks, I would love to get rid of this.

I have tried:

malwarebytes

combofix

a-squared

and copying random data over all free space

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:31:26 PM, on 8/24/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.115\IPSBHO.DLL

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.115\ccSvcHst.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--

End of file - 5718 bytes

Hi. :lol:

Download ComboFix from one of the locations below, and save it to your Desktop as something.exe

Double click something.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

OK, here they are:

ComboFix 09-08-26.05 - tyler 08/26/2009 18:18.4.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.326 [GMT -5:00]

Running from: c:\documents and settings\tyler\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))

.

2009-08-25 02:49 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-25 02:49 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-25 02:49 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-25 02:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-25 02:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-25 02:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-25 02:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-25 02:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-25 02:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-25 02:49 . 2009-08-25 02:49 -------- d-----w- c:\program files\Alwil Software

2009-08-24 21:30 . 2009-08-24 21:31 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Ahead

2009-08-24 21:16 . 2009-08-24 21:16 -------- d-----w- c:\documents and settings\tyler\Application Data\Ahead

2009-08-24 21:13 . 2009-08-24 21:30 -------- d-----w- c:\program files\Common Files\Ahead

2009-08-24 21:13 . 2009-08-24 21:13 -------- d-----w- c:\program files\Nero

2009-08-24 01:44 . 2009-08-24 01:44 -------- d-----w- c:\documents and settings\tyler\DoctorWeb

2009-08-22 19:10 . 2009-08-25 02:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-22 19:05 . 2009-08-22 19:05 -------- d-----w- c:\documents and settings\tyler\Application Data\Lavasoft

2009-08-22 18:50 . 2009-08-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-22 18:45 . 2009-08-22 18:45 -------- d---a-w- C:\!KillBox

2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\program files\Trend Micro

2009-08-22 02:27 . 2009-08-22 02:27 -------- d-----w- C:\_OTM

2009-08-19 02:53 . 2009-08-19 02:55 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Tific

2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Application Data\Tific

2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Symantec

2009-08-19 02:41 . 2009-08-19 02:41 -------- d-----w- c:\program files\Windows Sidebar

2009-08-19 02:41 . 2009-08-26 23:12 -------- d-----w- c:\program files\Norton AntiVirus

2009-08-19 02:41 . 2009-08-26 23:14 -------- d-----w- c:\program files\NortonInstaller

2009-08-19 02:41 . 2009-08-19 02:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-08-19 02:01 . 2009-08-19 02:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\Norton

2009-08-17 18:27 . 2009-08-17 18:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2009-08-17 18:07 . 2009-08-17 18:07 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software

2009-08-17 16:12 . 2009-08-17 16:12 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-08-17 15:50 . 2009-08-17 15:50 -------- d--h--w- c:\windows\PIF

2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\documents and settings\tyler\Application Data\Malwarebytes

2009-08-17 15:17 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-17 15:17 . 2009-08-17 15:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-17 15:17 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-16 19:58 . 2009-08-16 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sunbelt

2009-08-16 02:54 . 2009-08-19 02:47 -------- d-----w- c:\program files\a-squared Free

2009-08-10 20:54 . 2009-08-10 20:54 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- C:\Mp3 Output

2009-08-10 20:33 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll

2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- c:\program files\Smallvideosoft

2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\DVDVideoSoft

2009-08-08 20:06 . 2009-08-08 20:06 -------- d-----w- C:\DVDVideoSoft

2009-08-08 18:56 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\xing shared

2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\program files\Real

2009-08-08 17:48 . 2002-07-30 22:22 171776 ----a-r- c:\windows\system32\drivers\WMP11V27.sys

2009-08-07 03:59 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\Real

2009-08-07 03:59 . 2009-08-08 18:29 -------- d-----w- c:\program files\Rhapsody

2009-08-06 20:50 . 2009-08-06 20:50 303104 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\reporter.exe

2009-08-06 20:50 . 2009-08-06 20:50 462848 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\o3d_host.dll

2009-08-06 20:50 . 2009-08-06 20:50 5238784 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\npo3dautoplugin.dll

2009-08-06 20:29 . 2009-08-06 20:29 1507328 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\O3DExtras\swiftshader_d3d9.dll

2009-08-05 00:18 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\tyler\Application Data\U3\temp\cleanup.exe

2009-08-04 21:46 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\tyler\Application Data\U3\temp\Launchpad Removal.exe

2009-08-04 21:46 . 2009-08-06 03:37 -------- d-----w- c:\documents and settings\tyler\Application Data\U3

2009-08-01 04:52 . 2009-08-01 04:52 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-31 05:30 . 2009-07-31 05:30 -------- d-----w- c:\program files\Rage

2009-07-31 05:12 . 2009-07-31 05:12 -------- d-----w- c:\program files\Red Storm Entertainment

2009-07-28 20:43 . 2009-07-30 00:19 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Roblox

2009-07-28 20:30 . 2009-08-08 03:41 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\RobloxDownloads

2009-07-28 20:30 . 2009-08-05 19:45 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\RobloxVersions

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 23:12 . 2009-06-18 17:30 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-26 22:52 . 2009-05-24 09:07 -------- d-----w- c:\documents and settings\tyler\Application Data\WTablet

2009-08-26 22:17 . 2009-05-27 00:55 -------- d---a-w- c:\documents and settings\LocalService\Application Data\WTablet

2009-08-19 02:55 . 2009-06-18 17:30 -------- d-----r- c:\documents and settings\All Users\Application Data\Symantec

2009-08-16 19:50 . 2009-06-05 22:15 -------- d-----w- c:\program files\vghd

2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys

2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys

2009-08-08 18:55 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-08-08 18:55 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-08-08 17:43 . 2009-05-17 04:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-01 05:20 . 2009-05-23 15:12 -------- d-----w- c:\program files\Drawing Hand

2009-08-01 04:56 . 2009-05-16 19:19 -------- d-----w- c:\program files\Linksys

2009-07-31 22:10 . 2007-01-29 18:33 23424 ----a-w- c:\documents and settings\tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-31 17:37 . 2009-05-19 16:20 -------- d-----w- c:\program files\Microsoft Games

2009-07-31 04:09 . 2009-07-05 20:21 -------- d-----w- c:\documents and settings\tyler\Application Data\gtk-2.0

2009-07-26 21:50 . 2009-07-26 21:50 -------- d-----w- c:\program files\Cute Knight Deluxe Demo

2009-07-26 20:32 . 2009-07-26 20:32 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-07 21:54 . 2009-07-06 21:14 -------- d---a-w- c:\documents and settings\tyler\Application Data\BitTorrent

2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\Red Orb Entertainment

2009-07-04 19:11 . 2009-07-04 19:11 8 ----a-w- c:\windows\system32\nvModes.dat

2009-07-04 15:59 . 2009-07-04 15:48 -------- d-----w- c:\program files\SimTheme Park

2009-07-04 15:49 . 2009-07-04 15:11 285 ----a-w- c:\windows\EReg072.dat

2009-07-03 19:32 . 2009-07-03 19:32 -------- d-----w- c:\documents and settings\tyler\Application Data\Leadertech

2009-07-03 19:26 . 2009-07-03 19:26 -------- d-----w- c:\program files\Atari

2009-07-03 03:00 . 2009-07-03 02:59 -------- d-----w- c:\program files\GIMP-2.0

2009-06-21 21:12 . 2009-06-21 21:12 262144 ----a-w- c:\windows\system32\wrap_oal.dll

2009-06-21 21:12 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll

2009-06-18 17:17 . 2009-06-18 17:17 0 ----a-w- c:\windows\ativpsrm.bin

2009-06-16 02:25 . 2009-06-16 02:25 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-16 02:24 . 2009-06-16 02:24 152576 ----a-w- c:\documents and settings\tyler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-15 18:25 . 2009-06-15 18:25 4096 ----a-w- c:\windows\d3dx.dat

2009-06-08 01:56 . 2009-06-08 01:56 286 ----a-w- c:\windows\EReg213.dat

2009-06-05 22:25 . 2009-06-05 22:20 3 ----a-w- c:\windows\sbacknt.bin

2009-06-05 22:15 . 2009-06-05 22:15 152904 ----a-w- c:\windows\system32\vghd.scr

.

((((((((((((((((((((((((((((( SnapShot@2009-08-22_03.39.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-26 22:16 . 2009-08-26 22:16 16384 c:\windows\temp\Perflib_Perfdata_55c.dat

+ 2005-02-16 20:18 . 2005-02-16 20:18 90184 c:\windows\system32\NeroCo.dll

- 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-01-26 18:19 . 2009-08-22 02:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-08-24 21:16 . 2009-08-24 21:16 25214 c:\windows\Installer\{3C814DE3-7174-4148-A3E2-43FFC4F21033}\ARPPRODUCTICON.exe

+ 2005-08-15 17:08 . 2005-08-15 17:08 5888 c:\windows\system32\drivers\imagedrv.sys

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNRecode.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroVision.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroShowTime.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroMediaHome.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroBackItUp.exe

+ 2004-07-09 14:43 . 2004-07-09 14:43 364544 c:\windows\system32\TwnLib4.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 471040 c:\windows\system32\imagXRA7.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 262144 c:\windows\system32\imagXR7.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 476320 c:\windows\system32\imagXpr7.dll

+ 2005-08-15 17:08 . 2005-08-15 17:08 127488 c:\windows\system32\drivers\imagesrv.sys

+ 2009-08-22 14:54 . 2009-08-22 15:16 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

+ 2004-07-26 22:16 . 2004-07-26 22:16 1568768 c:\windows\system32\imagX7.dll

+ 2009-08-24 21:16 . 2009-08-24 21:16 3226112 c:\windows\Installer\30b3e.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Google Update"="c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-09 18063872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Wireless PCI Card Configuration Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2009-8-1 4513280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 9:49 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 9:49 PM 20560]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/24/2009 4:06 AM 3032360]

R3 apmbatt;Microsoft APM Legacy Battery Driver;c:\windows\system32\drivers\apmbatt.sys [7/26/2009 7:40 PM 6272]

R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [1/25/2007 6:36 AM 9344]

R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [8/8/2009 12:48 PM 171776]

R4 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\IPSDefs\20090730.005\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\IPSDefs\20090730.005\IDSxpx86.sys [?]

R4 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.073\SYMDS.SYS --> c:\windows\system32\drivers\NAV\1100000.073\SYMDS.SYS [?]

R4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.073\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1100000.073\SYMEFA.SYS [?]

S1 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [3/15/2008 4:58 AM 70528]

S3 getPlus® Installer;getPlus® Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/25/2009 4:35 PM 59552]

S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [6/18/2009 12:28 PM 186880]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/24/2009 4:06 AM 15144]

--- Other Services/Drivers In Memory ---

*Deregistered* - BHDrvx86

*Deregistered* - ccHP

*Deregistered* - SRTSPX

.

Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003Core.job

- c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003UA.job

- c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Connection Wizard,ShellNext = iexplore

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 18:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-839522115-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1512)

c:\program files\RocketDock\RocketDock.dll

c:\program files\Windows Media Player\wmpband.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-08-26 18:24

ComboFix-quarantined-files.txt 2009-08-26 23:24

ComboFix2.txt 2009-08-24 02:26

ComboFix3.txt 2009-08-22 15:51

ComboFix4.txt 2009-08-22 03:44

Pre-Run: 53,050,580,992 bytes free

Post-Run: 52,994,686,976 bytes free

248 --- E O F --- 2009-05-17 12:10

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:35:03 PM, on 8/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--

End of file - 5624 bytes


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\!KillBox
C:\_OTM

Collect::
d:\FXDrv32.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.


ok here they are again

ComboFix 09-08-27.02 - tyler 08/27/2009 22:05.5.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.377 [GMT -5:00]

Running from: c:\documents and settings\tyler\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\tyler\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\!KillBox

c:\!killbox\Logs\kb.log

C:\_OTM

c:\_otm\MovedFiles\08212009_212735.log

c:\_otm\MovedFiles\08212009_212735.res

c:\_otm\MovedFiles\08212009_213450.log

c:\_otm\MovedFiles\08212009_213450.res

c:\_otm\MovedFiles\08212009_213548.log

c:\_otm\MovedFiles\08212009_213548.res

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

2009-08-25 02:49 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-25 02:49 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-25 02:49 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-25 02:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-25 02:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-25 02:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-25 02:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-25 02:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-25 02:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-25 02:49 . 2009-08-25 02:49 -------- d-----w- c:\program files\Alwil Software

2009-08-24 21:30 . 2009-08-24 21:31 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Ahead

2009-08-24 21:16 . 2009-08-24 21:16 -------- d-----w- c:\documents and settings\tyler\Application Data\Ahead

2009-08-24 21:13 . 2009-08-24 21:30 -------- d-----w- c:\program files\Common Files\Ahead

2009-08-24 21:13 . 2009-08-24 21:13 -------- d-----w- c:\program files\Nero

2009-08-24 01:44 . 2009-08-24 01:44 -------- d-----w- c:\documents and settings\tyler\DoctorWeb

2009-08-22 19:10 . 2009-08-25 02:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-22 19:05 . 2009-08-22 19:05 -------- d-----w- c:\documents and settings\tyler\Application Data\Lavasoft

2009-08-22 18:50 . 2009-08-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\program files\Trend Micro

2009-08-19 02:53 . 2009-08-19 02:55 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Tific

2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Application Data\Tific

2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Symantec

2009-08-19 02:41 . 2009-08-19 02:41 -------- d-----w- c:\program files\Windows Sidebar

2009-08-19 02:41 . 2009-08-19 02:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-08-19 02:01 . 2009-08-27 21:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\Norton

2009-08-17 18:27 . 2009-08-17 18:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2009-08-17 18:07 . 2009-08-17 18:07 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software

2009-08-17 16:12 . 2009-08-17 16:12 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-08-17 15:50 . 2009-08-17 15:50 -------- d--h--w- c:\windows\PIF

2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\documents and settings\tyler\Application Data\Malwarebytes

2009-08-17 15:17 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-17 15:17 . 2009-08-17 15:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-17 15:17 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-16 19:58 . 2009-08-16 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sunbelt

2009-08-16 02:54 . 2009-08-19 02:47 -------- d-----w- c:\program files\a-squared Free

2009-08-10 20:54 . 2009-08-10 20:54 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- C:\Mp3 Output

2009-08-10 20:33 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll

2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- c:\program files\Smallvideosoft

2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\DVDVideoSoft

2009-08-08 20:06 . 2009-08-08 20:06 -------- d-----w- C:\DVDVideoSoft

2009-08-08 18:56 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\xing shared

2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\program files\Real

2009-08-08 17:48 . 2002-07-30 22:22 171776 ----a-r- c:\windows\system32\drivers\WMP11V27.sys

2009-08-07 03:59 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\Real

2009-08-07 03:59 . 2009-08-08 18:29 -------- d-----w- c:\program files\Rhapsody

2009-08-06 20:50 . 2009-08-06 20:50 303104 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\reporter.exe

2009-08-06 20:50 . 2009-08-06 20:50 462848 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\o3d_host.dll

2009-08-06 20:50 . 2009-08-06 20:50 5238784 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\npo3dautoplugin.dll

2009-08-06 20:29 . 2009-08-06 20:29 1507328 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\O3DExtras\swiftshader_d3d9.dll

2009-08-05 00:18 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\tyler\Application Data\U3\temp\cleanup.exe

2009-08-04 21:46 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\tyler\Application Data\U3\temp\Launchpad Removal.exe

2009-08-04 21:46 . 2009-08-06 03:37 -------- d-----w- c:\documents and settings\tyler\Application Data\U3

2009-08-01 04:52 . 2009-08-01 04:52 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-31 05:30 . 2009-07-31 05:30 -------- d-----w- c:\program files\Rage

2009-07-31 05:12 . 2009-07-31 05:12 -------- d-----w- c:\program files\Red Storm Entertainment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-28 02:20 . 2009-07-05 20:21 -------- d-----w- c:\documents and settings\tyler\Application Data\gtk-2.0

2009-08-27 21:03 . 2009-05-24 09:07 -------- d-----w- c:\documents and settings\tyler\Application Data\WTablet

2009-08-27 21:00 . 2009-05-27 00:55 -------- d---a-w- c:\documents and settings\LocalService\Application Data\WTablet

2009-08-26 23:12 . 2009-06-18 17:30 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-19 02:55 . 2009-06-18 17:30 -------- d-----r- c:\documents and settings\All Users\Application Data\Symantec

2009-08-16 19:50 . 2009-06-05 22:15 -------- d-----w- c:\program files\vghd

2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys

2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys

2009-08-08 18:55 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-08-08 18:55 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-08-08 17:43 . 2009-05-17 04:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-01 05:20 . 2009-05-23 15:12 -------- d-----w- c:\program files\Drawing Hand

2009-08-01 04:56 . 2009-05-16 19:19 -------- d-----w- c:\program files\Linksys

2009-07-31 22:10 . 2007-01-29 18:33 23424 ----a-w- c:\documents and settings\tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-31 17:37 . 2009-05-19 16:20 -------- d-----w- c:\program files\Microsoft Games

2009-07-26 21:50 . 2009-07-26 21:50 -------- d-----w- c:\program files\Cute Knight Deluxe Demo

2009-07-26 20:32 . 2009-07-26 20:32 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-07 21:54 . 2009-07-06 21:14 -------- d---a-w- c:\documents and settings\tyler\Application Data\BitTorrent

2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\Red Orb Entertainment

2009-07-04 19:11 . 2009-07-04 19:11 8 ----a-w- c:\windows\system32\nvModes.dat

2009-07-04 15:59 . 2009-07-04 15:48 -------- d-----w- c:\program files\SimTheme Park

2009-07-04 15:49 . 2009-07-04 15:11 285 ----a-w- c:\windows\EReg072.dat

2009-07-03 19:32 . 2009-07-03 19:32 -------- d-----w- c:\documents and settings\tyler\Application Data\Leadertech

2009-07-03 19:26 . 2009-07-03 19:26 -------- d-----w- c:\program files\Atari

2009-07-03 03:00 . 2009-07-03 02:59 -------- d-----w- c:\program files\GIMP-2.0

2009-06-21 21:12 . 2009-06-21 21:12 262144 ----a-w- c:\windows\system32\wrap_oal.dll

2009-06-21 21:12 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll

2009-06-18 17:17 . 2009-06-18 17:17 0 ----a-w- c:\windows\ativpsrm.bin

2009-06-16 02:25 . 2009-06-16 02:25 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-16 02:24 . 2009-06-16 02:24 152576 ----a-w- c:\documents and settings\tyler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-15 18:25 . 2009-06-15 18:25 4096 ----a-w- c:\windows\d3dx.dat

2009-06-08 01:56 . 2009-06-08 01:56 286 ----a-w- c:\windows\EReg213.dat

2009-06-05 22:25 . 2009-06-05 22:20 3 ----a-w- c:\windows\sbacknt.bin

2009-06-05 22:15 . 2009-06-05 22:15 152904 ----a-w- c:\windows\system32\vghd.scr

.

((((((((((((((((((((((((((((( SnapShot@2009-08-22_03.39.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-27 21:00 . 2009-08-27 21:00 16384 c:\windows\temp\Perflib_Perfdata_4f8.dat

+ 2005-02-16 20:18 . 2005-02-16 20:18 90184 c:\windows\system32\NeroCo.dll

- 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-01-26 18:19 . 2009-08-22 14:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-01-26 18:19 . 2009-08-22 02:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-08-24 21:16 . 2009-08-24 21:16 25214 c:\windows\Installer\{3C814DE3-7174-4148-A3E2-43FFC4F21033}\ARPPRODUCTICON.exe

+ 2005-08-15 17:08 . 2005-08-15 17:08 5888 c:\windows\system32\drivers\imagedrv.sys

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNRecode.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroVision.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroShowTime.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroMediaHome.exe

+ 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroBackItUp.exe

+ 2004-07-09 14:43 . 2004-07-09 14:43 364544 c:\windows\system32\TwnLib4.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 471040 c:\windows\system32\imagXRA7.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 262144 c:\windows\system32\imagXR7.dll

+ 2004-07-26 22:16 . 2004-07-26 22:16 476320 c:\windows\system32\imagXpr7.dll

+ 2005-08-15 17:08 . 2005-08-15 17:08 127488 c:\windows\system32\drivers\imagesrv.sys

+ 2009-08-22 14:54 . 2009-08-22 15:16 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

+ 2004-07-26 22:16 . 2004-07-26 22:16 1568768 c:\windows\system32\imagX7.dll

+ 2009-08-24 21:16 . 2009-08-24 21:16 3226112 c:\windows\Installer\30b3e.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Google Update"="c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-09 18063872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Wireless PCI Card Configuration Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2009-8-1 4513280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowOutboundPacketTooBig"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 9:49 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 9:49 PM 20560]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/24/2009 4:06 AM 3032360]

R3 apmbatt;Microsoft APM Legacy Battery Driver;c:\windows\system32\drivers\apmbatt.sys [7/26/2009 7:40 PM 6272]

R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [1/25/2007 6:36 AM 9344]

R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [8/8/2009 12:48 PM 171776]

S1 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [3/15/2008 4:58 AM 70528]

S3 getPlus® Installer;getPlus® Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/25/2009 4:35 PM 59552]

S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [6/18/2009 12:28 PM 186880]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/24/2009 4:06 AM 15144]

.

Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003Core.job

- c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003UA.job

- c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Connection Wizard,ShellNext = iexplore

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 22:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-839522115-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-08-28 22:10

ComboFix-quarantined-files.txt 2009-08-28 03:10

ComboFix2.txt 2009-08-26 23:24

ComboFix3.txt 2009-08-24 02:26

ComboFix4.txt 2009-08-22 15:51

ComboFix5.txt 2009-08-28 03:03

Pre-Run: 52,839,071,744 bytes free

Post-Run: 52,780,048,384 bytes free

235 --- E O F --- 2009-05-17 12:10

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:11:02 PM, on 8/27/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\imapi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--

End of file - 5279 bytes

This topic is now closed to further replies.