Thread: Win32.Trojan.RX
View Single Post
Old 04-26-2007, 02:02 PM   #8 (permalink)
ThePaper88
Registered User
 
Join Date: Apr 2007
Posts: 15
OS: Windows XP


Re: Win32.Trojan.RX
Haha, don't worry about it. I probably should have known it was "move" and not "clean". I can't complain at all because of how wonderfully this is working. A lot of the errors seem to have ceased, I can even get into my Task manager! However it also seems like some settings have reset? For instance my clock is back on the default military time setting; I don't have a problem with this, just thought it was kind of cool how that works. lol

ComboFix seems to make my "AntiVir" program angry; It's accusing it of being a Virus or something.


Quote:
C:\WINDOWS\system32\msnhlp32.dll unregistered successfully.
C:\WINDOWS\system32\msnhlp32.dll moved successfully.
C:\WINDOWS\system32\tmrsrv32.exe moved successfully.
C:\WINDOWS\system32\idleserv.exe moved successfully.
C:\WINDOWS\sysrlb32.exe moved successfully.
C:\WINDOWS\Biprep.exe moved successfully.
C:\WINDOWS\mssvr.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search2.dll NOT unregistered.
C:\WINDOWS\2020search2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search.dll NOT unregistered.
C:\WINDOWS\2020search.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\bi.dll
C:\WINDOWS\bi.dll NOT unregistered.
C:\WINDOWS\bi.dll moved successfully.
File/Folder C:\WINDOWS\loader.exe not found.
C:\WINDOWS\system32\stfv.bin moved successfully.
C:\WINDOWS\vxddsk.exe moved successfully.
C:\WINDOWS\system32\vxddsk.exe moved successfully.
C:\WINDOWS\satmat.exe moved successfully.
C:\WINDOWS\SUSP.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\MSIXU.DLL NOT unregistered.
C:\WINDOWS\system32\MSIXU.DLL moved successfully.
File/Folder C:\WINDOWS\system32\idleserv.exe not found.
C:\WINDOWS\stcloader.exe moved successfully.
C:\WINDOWS\salm.exe moved successfully.
C:\WINDOWS\updatetc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cdsm32.dll NOT unregistered.
C:\WINDOWS\cdsm32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mspphe.dll
C:\WINDOWS\mspphe.dll NOT unregistered.
C:\WINDOWS\mspphe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\flt.dll
C:\WINDOWS\flt.dll NOT unregistered.
C:\WINDOWS\flt.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\bjam.dll
C:\WINDOWS\bjam.dll NOT unregistered.
C:\WINDOWS\bjam.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\7search.dll
C:\WINDOWS\7search.dll NOT unregistered.
C:\WINDOWS\7search.dll moved successfully.
C:\WINDOWS\180ax.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\swin32.dll
C:\WINDOWS\swin32.dll NOT unregistered.
C:\WINDOWS\swin32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\voiceip.dll
C:\WINDOWS\voiceip.dll NOT unregistered.
C:\WINDOWS\voiceip.dll moved successfully.
File/Folder C:\WINDOWS\system32\tmrsrv32.exe not found.
LoadLibrary failed for C:\WINDOWS\pbar.dll
C:\WINDOWS\pbar.dll NOT unregistered.
C:\WINDOWS\pbar.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\WER8274.DLL NOT unregistered.
C:\WINDOWS\system32\WER8274.DLL moved successfully.
C:\WINDOWS\system32\user_32.dll unregistered successfully.
C:\WINDOWS\system32\user_32.dll moved successfully.
C:\WINDOWS\system32\gtv_sd.bin moved successfully.
C:\WINDOWS\bokja.exe moved successfully.
File/Folder C:\WINDOWS\system32\msnhlp32.dll not found.
C:\WINDOWS\mgrab.exe moved successfully.
C:\WINDOWS\ul.exe moved successfully.
C:\WINDOWS\system32\692D963F.exe moved successfully.
File/Folder C:\WINDOWS\installer.exe not found.
C:\WINDOWS\system32\bfmoxrnvva_nav.dat moved successfully.
C:\WINDOWS\ifinst27.exe moved successfully.
C:\Program Files\SpyAway moved successfully.

Created on 04-26-2007 15:11:25

Quote:
"The Paper (Host)" - 07-04-26 15:38:15 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\PROGRA~1\MOZILL~1\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-26 to 2007-04-26 ))))))))))))))))))))))))))))))))))


2007-04-26 02:50 <DIR> d-------- C:\DOCUME~1\THEPAP~1\DoctorWeb
2007-04-26 02:48 <DIR> d-------- C:\WINDOWS\CSC
2007-04-25 17:31 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-25 16:41 <DIR> d-------- C:\Program Files\CCleaner
2007-04-24 17:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-23 23:31 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-23 23:31 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-23 23:31 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-23 23:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-23 06:26 29,696 --a------ C:\WINDOWS\system32\wml.exe
2007-04-23 06:26 28,672 --a------ C:\WINDOWS\wml.exe
2007-04-23 06:26 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-20 11:55 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-04-20 11:55 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-04-18 09:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-18 09:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-18 09:58 <DIR> d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\Lavasoft
2007-04-09 16:09 <DIR> d-------- C:\DOCUME~1\THEPAP~1\havenROp
2007-04-08 14:18 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 14:18 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-08 14:18 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-08 14:18 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-08 14:18 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 14:18 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 14:18 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-08 14:18 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 14:18 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-08 14:18 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-08 14:15 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-04-08 13:26 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-08 13:18 <DIR> d-------- C:\Program Files\Lineage II
2007-04-03 19:24 <DIR> d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\Ventrilo
2007-04-03 19:23 <DIR> d-------- C:\Program Files\Ventrilo
2007-04-03 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-03 13:43 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-03 13:05 <DIR> d-------- C:\Dell
2007-04-03 12:00 <DIR> d-------- C:\Program Files\ATI Technologies
2007-04-03 11:59 <DIR> d-------- C:\ATI
2007-04-03 10:12 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-03 10:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-03 09:02 <DIR> d-------- C:\Program Files\Silkroad
2007-03-28 00:43 <DIR> d-------- C:\Program Files\Neat Image


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver pe386 is present. ... attempting disinfection
msguard ...... driver unloaded successfully.

2007-04-26 15:39 -------- d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\skype
2007-04-18 14:01 -------- d-------- C:\Program Files\mirc
2007-04-08 13:18 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 17:31 1423 --a------ C:\WINDOWS\mozver.dat
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-08 06:14 -------- d-------- C:\DOCUME~1\THEPAP~1\APPLIC~1\vlc
2007-03-08 05:28 -------- d-------- C:\Program Files\videolan
2007-01-24 18:58 62 --ahs---- C:\DOCUME~1\THEPAP~1\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-26 15:57:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-26 15:58:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-26 15:58




Quote:
Logfile of HijackThis v1.99.1
Scan saved at 15:34, on 07-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\The Paper (Host)\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
ThePaper88 is offline