Here is the VirusTotal scan:
File windrv.sys_ received on 08.15.2008 00:40:18 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.15.0 2008.08.14 -
AntiVir 7.8.1.19 2008.08.14 -
Authentium 5.1.0.4 2008.08.14 -
Avast 4.8.1195.0 2008.08.14 -
AVG 8.0.0.161 2008.08.14 -
BitDefender 7.2 2008.08.15 -
CAT-QuickHeal 9.50 2008.08.14 -
ClamAV 0.93.1 2008.08.14 -
DrWeb 4.44.0.09170 2008.08.14 -
eSafe 7.0.17.0 2008.08.14 -
eTrust-Vet 31.6.6033 2008.08.15 -
Ewido 4.0 2008.08.14 -
F-Prot 4.4.4.56 2008.08.14 -
F-Secure 7.60.13501.0 2008.08.14 -
Fortinet 3.14.0.0 2008.08.14 -
GData 2.0.7306.1023 2008.08.14 -
Ikarus T3.1.1.34.0 2008.08.14 -
K7AntiVirus 7.10.415 2008.08.14 -
Kaspersky 7.0.0.125 2008.08.15 -
McAfee 5361 2008.08.14 -
Microsoft 1.3807 2008.08.15 -
NOD32v2 3357 2008.08.14 -
Norman 5.80.02 2008.08.14 -
Panda 9.0.0.4 2008.08.14 -
PCTools 4.4.2.0 2008.08.14 -
Prevx1 V2 2008.08.15 -
Rising 20.57.32.00 2008.08.14 -
Sophos 4.32.0 2008.08.14 -
Sunbelt 3.1.1542.1 2008.08.13 -
Symantec 10 2008.08.15 -
TheHacker 6.3.0.3.046 2008.08.13 -
TrendMicro 8.700.0.1004 2008.08.14 -
VBA32 3.12.8.3 2008.08.14 -
ViRobot 2008.8.14.1337 2008.08.14 -
VirusBuster 4.5.11.0 2008.08.14 -
Webwasher-Gateway 6.6.2 2008.08.14 -
Additional information
File size: 1152 bytes
MD5...: 85be02fbdf9f4405d291fcc3941555ee
SHA1..: ec4d631c77cb4562234e935bc97de7ad526a1193
SHA256: b74544d0070e181962a2f2ebbd809fb6ecb2aa8ef86f3b3ca94dfe7ba636d1ed
SHA512: 9477a44066ad37780b6863e074f9e8714c105a32c6f34d17553a9e66bac2c80e685d177a100d2d648a9d6fe0250968c6b13b60ac28662b412ae09f684ff87ee9
PEiD..: -
PEInfo: -
Here is the ComboFix one:
ComboFix 08-08-13.05 - Master Le 2008-08-14 18:48:02.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1039 [GMT -4:00]
Running from: C:\Users\Master Le\Downloads\ComboFix.exe
Command switches used :: C:\Users\Master Le\Documents\CFScript.txt
* Created a new restore point
FILE ::
C:\ProgramData\DUMBBOOKBOOK.hfued
C:\ProgramData\mapi heart ace.5svxqb
C:\Windows\Tasks\AdwareAlert Scheduled Scan.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
C:\ProgramData\DUMBBOOKBOOK.hfued
C:\ProgramData\each new axis love
C:\ProgramData\mapi heart ace.5svxqb
C:\Windows\Tasks\AdwareAlert Scheduled Scan.job
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 11:04 . 2008-08-14 11:07 <DIR> d-------- C:\Users\All Users\SITEguard
2008-08-14 11:04 . 2008-08-14 11:07 <DIR> d-------- C:\ProgramData\SITEguard
2008-08-14 11:03 . 2008-08-14 11:10 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-08-14 11:03 . 2008-08-14 11:10 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-08-14 11:03 . 2008-08-14 11:03 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-08-11 20:25 . 2008-08-11 20:26 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-11 19:37 . 2008-08-11 19:37 <DIR> d-------- C:\Program Files\QS
2008-08-11 19:21 . 2008-08-11 19:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 18:37 . 2008-08-11 18:37 1,152 --a------ C:\Windows\System32\windrv.sys
2008-08-11 18:25 . 2008-08-11 18:36 <DIR> d-------- C:\Users\Master Le\AppData\Roaming\Download Manager
2008-08-11 18:25 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-08-07 04:37 . 2008-08-07 04:37 <DIR> d-------- C:\Program Files\Speed Gear
2008-08-07 04:37 . 2008-08-08 18:31 67 --a------ C:\Windows\SpeedGear.INI
2008-08-04 10:44 . 2008-08-11 12:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-02 19:46 . 2008-08-02 19:46 <DIR> d-------- C:\Program Files\Sierra Online
2008-08-02 07:53 . 2008-08-02 07:53 <DIR> d-------- C:\Program Files\OptiNet
2008-07-31 22:21 . 2008-07-31 22:21 <DIR> d-------- C:\Deckard
2008-07-31 07:48 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-31 07:48 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-31 07:46 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-31 07:46 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-31 07:46 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-31 07:46 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-31 00:32 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-31 00:31 . 2008-07-31 00:31 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 22:20 . 2008-07-30 22:20 <DIR> d-------- C:\ijji
2008-07-30 22:19 . 2008-07-30 23:32 <DIR> d--h----- C:\Users\Master Le\AppData\Roaming\ijjigame
2008-07-26 00:30 . 2008-07-26 00:30 <DIR> d-------- C:\Users\Master Le\temp
2008-07-18 21:13 . 2008-07-25 00:37 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-07-18 21:13 . 2008-07-25 00:37 <DIR> d-------- C:\ProgramData\Yahoo!
2008-07-16 00:50 . 2008-08-14 16:15 316,557,365 --a------ C:\Windows\MEMORY.DMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 22:48 25,899,808 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-14 22:33 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-14 21:27 348,428 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-11 23:03 --------- d---a-w C:\ProgramData\TEMP
2008-08-08 14:50 --------- d-----w C:\ProgramData\WildTangent
2008-08-06 17:21 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-02 23:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 11:57 --------- d-----w C:\Program Files\Windows Mail
2008-07-30 22:19 --------- d-----w C:\Users\Master Le\AppData\Roaming\TeamViewer
2008-07-30 21:04 27,715 ----a-w C:\Users\Master Le\AppData\Roaming\nvModes.dat
2008-07-25 04:37 --------- d-----w C:\Users\Master Le\AppData\Roaming\Yahoo!
2008-07-24 09:55 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-24 05:28 --------- d-----w C:\Program Files\LimeWire
2008-07-20 10:52 --------- d-----w C:\Program Files\Rhapsody
2008-07-20 05:56 --------- d-----w C:\Program Files\Vongo
2008-07-19 01:12 --------- d-----w C:\Program Files\Yahoo!
2008-07-09 05:08 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-09 05:07 --------- d-----w C:\Program Files\DivX
2008-07-09 05:07 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-25 15:18 174 --sha-w C:\Program Files\desktop.ini
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Journal
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Defender
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-25 15:01 --------- d-----w C:\Program Files\Windows Calendar
2008-06-25 14:27 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-25 14:27 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-22 11:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-19 05:38 --------- d-----w C:\Users\Master Le\AppData\Roaming\SUPERAntiSpyware.com
2008-06-19 05:38 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-19 05:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-15 03:44 --------- d-----w C:\Program Files\MSN Messenger
2008-06-15 03:37 --------- d-----w C:\ProgramData\WLInstaller
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-01-07 01:35 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-07 01:35 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-09 05:37 397,312 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-14_17.42.22.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 22:47:50 6,217,728 ----a-w C:\Windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2008-08-14 21:32:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-14 22:51:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-14 22:51:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-14 21:15:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-14 22:13:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-14 21:15:58 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-14 22:13:52 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-14 21:15:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-14 22:13:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-14 20:22:07 101,350 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-14 21:35:50 101,350 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-14 20:22:07 595,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-14 21:35:51 595,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-31 18:24:23 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-14 21:37:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-07-31 12:02:43 121,394,608 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-14 21:41:16 129,004,906 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2007-10-09 05:33:04 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\ieapfltr.dat
+ 2007-10-09 05:33:04 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\ieapfltr.dat
+ 2008-01-19 07:34:31 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\ieui.dll
+ 2006-11-02 08:48:55 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\INETRES.dll
+ 2008-01-19 07:34:22 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\FwRemoteSvr.dll
+ 2008-01-19 07:36:07 272,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\polstore.dll
+ 2008-01-19 07:36:55 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\winipsec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 16:28 171448]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 19:27 9117696]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 16:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 00:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 00:38 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 19:27 9117696]
C:\Users\Master Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2339531438-166551111-2034887889-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD8CC398-C3F7-41BE-98A5-C6A62BB10958}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13C9E86B-54AE-4A87-A2EF-44ED2B50EF5F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{220513BC-B2BE-4FA0-BAC9-60F5F7F74726}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{5A90CF99-4F43-41A7-BD63-833D156B1E88}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{95383F02-9BF8-4FFB-9917-671A202B8E80}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CD4068D7-B5D6-4E40-BF0F-A5E33A97304B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{94F144FD-51FF-47FC-9888-47B9EB6EBB2C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4E92348-BAF7-45C0-8F15-C60F4331067A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03EBEA6-16B0-45AC-BFB6-B06BA544D646}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{463360B5-9168-4A8C-99C2-D408F72A831A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E765488D-9ED2-41D0-B75C-BA2891DE6579}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{4F907416-8D18-410E-9B55-C0A761CBA4AA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A48032D2-C7CB-4971-8FD4-B665D0826CD9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D54103D6-00BB-4CB1-9D76-542D3097F653}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7188C76-240E-4127-9F4C-86FADE94EE0A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{607FBC2A-5F96-4378-8E9A-A06B40C8FB1D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{07F9FE6E-A56E-4DA7-A876-5028FC74BE5C}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{FDEB3E67-ED1B-482E-912B-D80EA04ECD81}"= TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{49993D46-3BC6-49FC-9ECC-D6E538198FE0}C:\\program files\\sierra online\\freestyle street basketball(tm)\\freestyle.exe"= UDP:C:\program files\sierra online\freestyle street basketball(tm)\freestyle.exe:FreeStyle
"UDP Query User{01695722-C416-4ECB-9264-36332CBE5639}C:\\program files\\sierra online\\freestyle street basketball(tm)\\freestyle.exe"= TCP:C:\program files\sierra online\freestyle street basketball(tm)\freestyle.exe:FreeStyle
"{9B11F0D0-468A-4CD6-8C25-E75F0A0FA1D4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B1F8CE63-83C5-42AF-B61E-051E2645C681}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{B7050A20-75FB-49F4-8D33-04046AF9E12D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4BF9D4D5-F3CB-4ABE-B0FC-C022DA7F237D}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{EF3646A8-5E7F-4F5C-AFA3-B0000D963096}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A9B4D74B-5EB3-4995-9299-5DC56DDD6EAF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9A501247-9799-458F-9348-E343B91ECDE2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{991E3513-38C6-4885-84B1-D6211023E9AB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66E14813-EF68-4119-9BF4-4858BC919C1F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C056D20E-7FC0-4CAC-965A-4EE6AC5F9522}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{584F02FE-90B1-4CF3-8E1B-7F3D9243376F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9CBEBEE7-AFC2-45BF-83E1-96ADA0E3AA32}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{60557793-FA9C-49E1-A394-4C80AAD27E30}C:\\users\\master le\\documents\\my received files\\stubinstaller.exe"= UDP:C:\users\master le\documents\my received files\stubinstaller.exe:stubinstaller.exe
"UDP Query User{373CE528-38C7-444D-A76D-2EED85DCD9C2}C:\\users\\master le\\documents\\my received files\\stubinstaller.exe"= TCP:C:\users\master le\documents\my received files\stubinstaller.exe:stubinstaller.exe
"{436FA3FE-1F13-4A5F-AA49-2A7139AB40D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 03:33]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 19:04]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2006-12-01 18:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-14 18:51:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-14 18:53:53
ComboFix-quarantined-files.txt 2008-08-14 22:53:30
ComboFix2.txt 2008-08-14 21:44:29
Pre-Run: 55,062,233,088 bytes free
Post-Run: 55,067,123,712 bytes free
261 --- E O F --- 2008-08-08 19:58:25
Here is the online ESET scanner one:
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3357 (20080814)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7b983c4d664f9042b2119595667044fb
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-15 02:22:26
# local_time=2008-08-14 10:22:26 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=1008122
# found=4
# scan_time=8487
C:\Program Files\Speed Gear\cooper.dll probably a variant of Win32/Genetik trojan 533DAF22961358183FF0AF7D5997A6E0
D:\MASTERLE-PC\Backup Set 2007-11-11 181907\Backup Files 2007-12-22 190003\Backup files 1.zip probably a variant of Win32/Agent trojan 2065E9FEE045C401AC264DADA1A217A4
D:\MASTERLE-PC\Backup Set 2007-11-11 181907\Backup Files 2007-12-22 190003\Backup files 1.zip »ZIP »C\Users\Master Le\Documents\Downloads\ALCOHOL 120% 1.9.6 + CRACK.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000
D:\MASTERLE-PC\Backup Set 2007-11-11 181907\Backup Files 2007-12-22 190003\Backup files 1.zip »ZIP »C\Users\Master Le\Documents\Downloads\ALCOHOL 120% 1.9.6 + CRACK.rar »RAR »ALCOHOL 120 1.9.6 + CRACK\Alcohol.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000
Here is my new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:42 PM, on 8/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10475 bytes
Thanks so much for helping.