01-11-2008, 02:42 AM   #8
dhult
OS: winxp


Re: flashing shield, alternates with blue question mark and red x, balloon pops up

Thank you again for all the help. I still cannot open Windows normally and I get an error when I tried to download SP2. But I don't see the shield anymore! Here are the new logs...

ComboFix 08-01-09.2 - Owner 2008-01-12 3:08:14.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.137 [GMT -6:00]
Running from: C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\CFScript.txt

FILE
C:\WINDOWS\Registration\nurs.bak1
C:\WINDOWS\Registration\nurs.bak2
C:\WINDOWS\systeldd32.dll
C:\WINDOWS\system32\cjbougsy.ini
C:\WINDOWS\System32\ftsrch.exe
C:\WINDOWS\System32\inetcomm.exe
C:\WINDOWS\System32\ir41_qcx.exe
C:\WINDOWS\system32\rrutv.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Qtbwnj
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetastreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewClassID.ini
C:\WINDOWS\Registration\nurs.bak1
C:\WINDOWS\Registration\nurs.bak2
C:\WINDOWS\systeldd32.dll
C:\WINDOWS\system32\cjbougsy.ini
C:\WINDOWS\system32\rrutv.bak2

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-10 02:22 . 2008-01-10 02:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-10 01:45 . 2008-01-10 01:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-01-07 22:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-07 22:10 . 2008-01-08 01:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 22:10 . 2008-01-07 22:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-07 22:10 . 2008-01-07 22:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-07 22:10 . 2008-01-07 22:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-07 22:10 . 2008-01-07 22:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-07 19:47 . 2008-01-07 19:47 <DIR> d-------- C:\ie-spyad_zo
2008-01-07 19:21 . 2008-01-07 19:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-07 18:15 . 2008-01-07 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-06 15:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:54 . 2008-01-06 15:22 <DIR> d-------- C:\Program Files\InfeStop
2008-01-06 14:54 . 2008-01-06 14:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InfeStop.com
2008-01-05 21:45 . 2008-01-05 21:45 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Deckard
2008-01-04 23:33 . 2008-01-06 15:21 <DIR> d-------- C:\Program Files\Spy-Rid
2008-01-04 23:33 . 2008-01-04 23:33 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\spy-rid.com
2008-01-02 02:10 . 2008-01-07 18:18 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-02 02:10 . 2008-01-02 02:10 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\EasySpywareCleaner.com
2007-12-28 20:37 . 2007-12-28 20:37 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2007-12-28 18:27 . 2007-12-28 18:27 <DIR> d-------- C:\WINDOWS\Favorites
2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2007-12-28 17:02 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-28 17:02 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-28 17:02 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-28 17:02 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Program Files\Webroot
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\Webroot
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-12-28 17:01 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-28 17:00 . 2007-12-28 19:39 164 --a------ C:\install.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 07:04 --------- d-----w C:\Program Files\QuickTime
2008-01-08 06:58 --------- d-----w C:\Program Files\iTunes
2008-01-08 06:57 --------- d-----w C:\Program Files\Ipovalue
2008-01-08 06:23 --------- d-----w C:\Program Files\Google
2007-12-29 02:28 --------- d-----w C:\Program Files\6cqqsf0r
2007-11-29 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-27 19:43 34,545 ----a-w C:\sysvqna.exe
2007-11-27 19:11 --------- d-----w C:\Program Files\iConcepts Music Express
2007-11-27 19:10 --------- d-----w C:\Program Files\NStorm
2007-11-27 07:38 4,300,414 ----a-w C:\WINDOWS\java\Packages\3BBB13J7.ZIP
2007-11-27 07:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-11-27 07:03 --------- d-----w C:\Program Files\EmpirePokerMaster
2007-11-27 06:53 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-26 19:21 --------- d-----w C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\AVG7
2007-11-20 18:12 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-11-17 02:35 --------- d-----w C:\Program Files\Cool
2007-11-12 08:13 --------- d-----w C:\Program Files\Gateway
2007-11-12 07:15 --------- d-----w C:\Program Files\MySpace
2007-11-12 07:04 --------- d-----w C:\Program Files\FastStone Photo Resizer
2006-07-14 13:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-06-13 17:04 449 ----a-w C:\Documents and Settings\Owner.PRINCETO-F4EVBC\UpdateReg.reg
.

((((((((((((((((((((((((((((( snapshot_2008-01-10_ 2.49.07.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 08:42:19 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 09:08:01 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 08:42:19 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 09:08:01 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 08:42:19 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 09:08:01 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 08:42:20 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 09:08:01 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 08:42:20 5,570,560 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-12 09:08:01 5,570,560 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-10 08:42:20 40,960 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 09:08:01 40,960 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-10 08:42:27 253,952 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-12 09:08:08 253,952 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 14:00 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-30 04:30 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 03:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 03:13 114688]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 18:12 65536 C:\WINDOWS\GWMDMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-09-02 20:25 675840]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-17 23:20 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-07 12:02 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]
"SDFix"="C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SDFix"="C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qkihlbti]
qkihlbti.dll 2007-12-06 14:08 36928 C:\WINDOWS\system32\qkihlbti.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

S0 ccfzlgyh;ccfzlgyh;C:\WINDOWS\System32\drivers\cyjrngpt.da_ []
S1 drmProc;drmProc;C:\WINDOWS\System32\drivers\mskntmgr.sys [2005-10-20 12:56]
S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 13:36]
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 13:36]
S4 svcpack;svcpack;C:\WINDOWS\System32\svcpack.exe []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 03:20:32
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qkihlbti.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
-> C:\WINDOWS\system32\qkihlbti.dll
.
Completion time: 2008-01-12 3:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 09:23:03
ComboFix2.txt 2008-01-10 08:49:27
ComboFix3.txt 2008-01-08 00:11:23


Logfile of HijackThis v1.99.1
Scan saved at 3:36:00 AM, on 1/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [SDFix] C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199756174781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200130152984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: qkihlbti - C:\WINDOWS\SYSTEM32\qkihlbti.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe