Help - Search - Members - Calendar
Full Version: jiwsxh39.exe and Combo Fix log
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Yoshi
Nov 12 2008, 11:37 AM
Hello Evryone :)
Mr.LoPhatPhuud...i saw a topic, and im infected with jiwsxh39.exe
ComboFix Log...
I followed the method upto creating the log, what to do next?


THIS IS THE COMBOFIX LOG

ComboFix 08-11-11.01 - Shuvo 2008-11-12 17:05:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1329 [GMT 6:00]
Running from: c:\documents and settings\Shuvo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\All Users\Application Data\Starware317
c:\documents and settings\All Users\Application Data\Starware317\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\smiley.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\smileyxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware317\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware317\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware317\contexts\Error.xml
c:\documents and settings\All Users\Application Data\Starware317\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware317\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware317\Games\images\active\Games0.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\clear.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\cloudy.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\foggy.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\mcloud.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\nclear.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\ncloudy.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\nfoggy.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\nmcloud.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\nnoicon.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\noicon.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\npcloud.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\nrain.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\ntstorm.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\pcloud.bmp
c:\documents and settings\All Users\Application Data\Starware317\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware317\Movies\images\active\Movies0.bmp
c:\documents and settings\All Users\Application Data\Starware317\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware317\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware317\Tem2856.tmp
c:\documents and settings\All Users\Application Data\Starware317\Tem2F5F.tmp
c:\documents and settings\All Users\Application Data\Starware317\U23DD4380.exe
c:\documents and settings\All Users\Application Data\Starware317\U23DDF099.exe
c:\documents and settings\All Users\Documents\Adobe PDF\Data\Desktop_.ini
c:\documents and settings\All Users\Documents\Adobe PDF\Desktop_.ini
c:\documents and settings\All Users\Documents\Adobe PDF\Example Files\Desktop_.ini
c:\documents and settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini
c:\documents and settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini
c:\documents and settings\All Users\Documents\Adobe PDF\Startup\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Custom\CompressedArch\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Custom\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Profiles\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Checkpoint\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Checkpoint\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\QuickSave\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\QuickSave\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Reload\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Reload\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Slot01\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Slot01\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Slot02\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Slot02\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\Save\Profile001\SinglePlayer\Working\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEAR\ServerOptions\Desktop_.ini
c:\documents and settings\All Users\Documents\Monolith Productions\FEARPreSale\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\01.Adnan sami\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Videos\Desktop_.ini
c:\documents and settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Shuvo\Application Data\Starware317
c:\documents and settings\Shuvo\Application Data\Starware317\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Shuvo\Application Data\Starware317\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Configurator\Configurator.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Configurator\Configurator.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Games\GamesOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Games\GamesOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\PreferencesLayout.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\PreferencesLayout.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\ToolbarLayout.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\WeatherLayout.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Layouts\WeatherLayout.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Manager\ManagerOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Manager\ManagerOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Movies\MoviesOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Movies\MoviesOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Reference\ReferenceOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\SmileyTown\SmileyTownOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\SmileyTown\SmileyTownOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Tem2AB5.tmp
c:\documents and settings\Shuvo\Application Data\Starware317\Tem7B0.tmp
c:\documents and settings\Shuvo\Application Data\Starware317\TemFEB.tmp
c:\documents and settings\Shuvo\Application Data\Starware317\Toolbar\TBProductsOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Shuvo\Application Data\Starware317\Weather\AlertArchive.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Weather\WeatherOptions.xml
c:\documents and settings\Shuvo\Application Data\Starware317\Weather\WeatherOptions.xml.backup
c:\documents and settings\Shuvo\Favorites\Cheap - No chance for spammers - Online.url
c:\documents and settings\Shuvo\Favorites\Search Online.url
c:\documents and settings\Shuvo\Favorites\SMS TRAP.url
c:\documents and settings\Shuvo\Favorites\VIP -- Look for another playground --.url
c:\documents and settings\Shuvo\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Shuvo\Start Menu\Cheap - No chance for spammers - Online.url
c:\documents and settings\Shuvo\Start Menu\Search Online.url
c:\documents and settings\Shuvo\Start Menu\SMS TRAP.url
c:\documents and settings\Shuvo\Start Menu\VIP -- Look for another playground --.url
c:\program files\FunWebProducts
c:\program files\Starware317
c:\program files\Starware317\bin\Starware317.dll
c:\program files\Starware317\brand.bmp
c:\program files\Starware317\icons\star_16.ico
c:\program files\Starware317\icons\Thumbs.db
c:\program files\Starware317\Starware317Config.xml
c:\program files\Starware317\Starware317Uninstall.exe
c:\program files\Starware317\Thumbs.db
c:\recycler\ADAPT_Installer.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\k.txt
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico
c:\windows\system32\svohost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 16:15 . 2008-07-12 09:00 103,421 -r-hs---- C:\jiwsxh39.exe
2008-11-12 10:07 . 2008-11-12 10:07 69,632 --a------ c:\windows\system32\dzhoil.dll
2008-11-12 09:41 . 2008-11-12 09:41 <DIR> d-------- c:\program files\River Past
2008-11-12 09:41 . 2008-11-12 09:41 <DIR> d-------- c:\program files\Common Files\River Past
2008-11-12 09:41 . 2008-11-12 09:41 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\River Past G5
2008-11-12 09:41 . 2008-11-12 09:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2008-11-12 09:41 . 2008-11-12 09:41 163,468 --a------ c:\windows\Audio Converter Uninstaller.exe
2008-11-12 09:20 . 2005-02-27 21:48 356,352 --a------ c:\windows\system32\RealMediaSplitter.ax
2008-11-11 14:24 . 2008-11-11 14:24 688 --a------ c:\windows\eReg.dat
2008-11-11 10:59 . 2008-11-11 10:59 <DIR> d-------- c:\program files\The Specialists
2008-11-11 10:53 . 2008-11-11 10:53 0 --a------ c:\windows\cfgedit.INI
2008-11-08 18:07 . 2008-11-12 14:33 14 --a------ c:\windows\system32\getfile.dat
2008-11-08 17:56 . 2008-11-08 17:56 <DIR> d-------- c:\program files\Softwin
2008-11-08 17:56 . 2008-11-08 17:56 <DIR> d-------- c:\program files\Common Files\Softwin
2008-11-06 00:53 . 2008-11-12 17:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2008-11-06 00:40 . 2008-11-06 00:40 <DIR> d-------- c:\program files\Konami
2008-11-04 04:00 . 2008-11-04 04:04 331 --a------ c:\windows\fpf.INI
2008-11-04 03:44 . 2008-11-04 04:09 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\photodb
2008-11-04 02:33 . 2008-11-04 02:33 13 --a------ c:\windows\system32\mrphbks.ini
2008-11-04 00:34 . 2008-11-04 00:34 <DIR> d-------- c:\program files\KSAFone
2008-11-02 03:46 . 2008-11-02 03:46 <DIR> d-------- c:\documents and settings\Shuvo\Incomplete
2008-10-31 05:29 . 2008-10-31 05:29 0 --a------ c:\windows\system32\REN14B1.tmp
2008-10-31 05:29 . 2008-10-31 05:29 0 --a------ c:\windows\system32\REN14B0.tmp
2008-10-31 05:29 . 2008-10-31 05:29 0 --a------ c:\windows\system32\REN14AF.tmp
2008-10-31 05:28 . 2008-10-31 05:29 <DIR> d-------- c:\program files\Java
2008-10-31 00:03 . 2008-11-12 17:12 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\WTablet
2008-10-31 00:03 . 2007-09-07 11:07 2,684,200 --a------ c:\windows\system32\PenTablet.cpl
2008-10-31 00:03 . 2007-09-07 11:04 1,380,680 --a------ c:\windows\system32\PenTablet.znc
2008-10-31 00:03 . 2007-07-30 14:44 30,248 --a------ c:\windows\system32\drivers\wisdpen.sys
2008-10-30 23:57 . 2008-10-30 23:57 <DIR> d-------- c:\program files\Norton PC Checkup
2008-10-30 23:57 . 2007-02-15 16:11 11,440 --a------ c:\windows\system32\drivers\WacomVKHid.sys
2008-10-30 23:45 . 2008-10-30 23:45 <DIR> d-------- c:\windows\system32\WTablet
2008-10-30 23:45 . 2007-02-16 10:30 12,848 --a------ c:\windows\system32\drivers\wacomvhid.sys
2008-10-30 23:45 . 2007-02-16 11:12 11,312 --a------ c:\windows\system32\drivers\wacommousefilter.sys
2008-10-30 23:44 . 2008-10-31 00:03 <DIR> d-------- c:\program files\Tablet
2008-10-30 23:44 . 2007-09-07 11:16 1,373,480 --a------ c:\windows\system32\Pen_Tablet.exe
2008-10-30 23:44 . 2007-09-07 10:55 181,544 --a------ c:\windows\system32\Wintab32.dll
2008-10-30 23:44 . 2007-09-07 11:09 128,296 --a------ c:\windows\system32\Pen_Tablet.dll
2008-10-30 23:41 . 2008-10-30 23:41 <DIR> d-------- c:\program files\mIRC
2008-10-30 23:41 . 2008-10-31 00:06 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\mIRC
2008-10-30 23:27 . 2008-10-30 23:27 <DIR> d-------- c:\program files\Uniblue
2008-10-30 23:27 . 2008-10-30 23:27 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\Uniblue
2008-10-30 23:27 . 2008-10-30 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-10-30 23:17 . 2008-10-30 23:27 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-30 23:07 . 2008-10-30 23:07 <DIR> d-------- c:\program files\P2P_Energy
2008-10-30 23:07 . 2008-11-04 03:54 <DIR> d-------- c:\program files\MP3Torpedo
2008-10-30 23:07 . 2008-10-30 23:07 <DIR> d-------- c:\program files\Conduit
2008-10-30 23:07 . 2008-11-02 04:19 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\MP3Torpedo
2008-10-30 05:41 . 2008-10-30 05:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2008-10-30 05:31 . 2008-10-30 05:31 <DIR> d-------- c:\program files\TerraSofta
2008-10-26 22:42 . 2008-10-26 22:43 <DIR> d-------- c:\windows\system32\Adobe
2008-10-26 04:44 . 2008-10-26 04:44 0 --a------ c:\windows\system32\REN6CD1.tmp
2008-10-26 04:44 . 2008-10-26 04:44 0 --a------ c:\windows\system32\REN6CD0.tmp
2008-10-26 04:44 . 2008-10-26 04:44 0 --a------ c:\windows\system32\REN6CCF.tmp
2008-10-26 04:36 . 2008-10-26 04:36 0 --a------ c:\windows\system32\REN6B66.tmp
2008-10-26 04:36 . 2008-10-26 04:36 0 --a------ c:\windows\system32\REN6B65.tmp
2008-10-26 04:36 . 2008-10-26 04:36 0 --a------ c:\windows\system32\REN6B64.tmp
2008-10-25 16:28 . 2008-10-25 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-24 02:16 . 2008-10-24 02:16 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 00:36 . 2008-10-23 00:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-22 04:06 . 2008-10-22 04:06 <DIR> d-------- c:\program files\Bandwidth Monitor Pro
2008-10-21 18:26 . 2008-10-21 18:28 <DIR> d-------- c:\program files\Common Files\Alias Shared
2008-10-21 18:26 . 2008-10-21 18:28 <DIR> d-------- c:\program files\Alias
2008-10-20 22:43 . 2008-11-12 17:14 <DIR> d-------- c:\program files\Steam
2008-10-19 03:19 . 2008-10-19 03:19 <DIR> d-------- c:\windows\.jagex_cache_32
2008-10-19 03:19 . 2008-10-24 03:53 30 --a------ c:\documents and settings\Shuvo\jagex_runescape_preferences.dat
2008-10-17 02:28 . 2008-10-17 02:28 <DIR> dr-h----- c:\documents and settings\Shuvo\Application Data\SecuROM
2008-10-16 22:11 . 2008-10-16 22:11 <DIR> d-------- c:\program files\Windows Live
2008-10-16 20:34 . 2008-10-16 20:34 <DIR> d-------- c:\program files\Team JPN
2008-10-14 00:10 . 2008-10-14 00:10 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\TopLang
2008-10-13 07:13 . 2008-11-06 00:37 <DIR> d-------- C:\Downloads
2008-10-13 04:56 . 2008-10-13 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-13 04:56 . 2008-10-13 04:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2008-10-13 04:56 . 2008-10-13 04:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-10-13 04:55 . 2008-10-13 04:55 345,433 --a------ C:\You can no longer access the CD drive or the DVD drive, or you receive an error message after you remove a CD recording program or a DVD recording program in Windows XP error code 31.mht
2008-10-13 04:34 . 2008-10-13 04:34 0 --a------ c:\windows\Irremote.ini
2008-10-13 03:17 . 2008-10-16 22:11 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-10-13 02:53 . 2008-11-02 04:11 <DIR> d-------- c:\documents and settings\Shuvo\Application Data\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 10:53 --------- d-----w c:\documents and settings\Shuvo\Application Data\MxBoost
2008-11-12 09:57 --------- d-----w c:\documents and settings\Shuvo\Application Data\uTorrent
2008-11-12 03:42 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-11 09:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-11-11 04:53 --------- d-----w c:\program files\Eset
2008-11-06 00:00 --------- d-----w c:\documents and settings\Shuvo\Application Data\IMVU
2008-11-05 23:57 --------- d-----w c:\program files\IMVU
2008-11-03 14:11 --------- d-----w c:\program files\Apple Software Update
2008-10-31 10:22 --------- d-----w c:\documents and settings\Shuvo\Application Data\InstallShield
2008-10-30 17:57 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-22 18:36 --------- d-----w c:\program files\Yahoo!
2008-10-21 18:07 --------- d-----w c:\program files\DivX
2008-10-20 08:47 --------- d-----w c:\program files\Maxthon2
2008-10-17 08:29 --------- d-----w c:\program files\Xvid
2008-10-16 17:28 --------- d-----w c:\documents and settings\Shuvo\Application Data\BearShare
2008-10-16 16:11 --------- d-----w c:\program files\MSN Messenger
2008-10-16 13:48 --------- d-----w c:\program files\Free Download Manager
2008-10-16 13:48 --------- d-----w c:\program files\AIMTunes
2008-10-16 13:42 --------- d-----w c:\program files\Common Files\Adobe
2008-10-14 11:11 18,030 ----a-w c:\windows\system32\drivers\DeskLock.sys
2008-10-10 12:43 --------- d-----w c:\documents and settings\Shuvo\Application Data\Nero
2008-10-10 12:41 --------- d-----w c:\program files\Common Files\Nero
2008-10-10 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-26 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-26 20:55 --------- d-----w c:\program files\Advanced Speed Typing
2008-09-26 20:54 --------- d-----w c:\program files\Windows Journal - Vista
2008-09-26 18:13 --------- d-----w c:\documents and settings\Shuvo\Application Data\TMNT
2008-09-23 20:26 --------- d-----w c:\program files\Ubisoft
2008-09-22 17:38 --------- d-----w c:\documents and settings\Shuvo\Application Data\Codemasters
2008-09-22 17:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-22 16:10 --------- d-----w c:\program files\CAPCOM
2008-09-16 17:04 --------- d-----w c:\program files\Electronic Arts
2008-09-08 19:31 152,920 ----a-w c:\windows\system32\vghd.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E49CE891-CD83-4841-8CC9-6E284D7978D0}]
2007-02-13 15:10 233472 --a------ c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 16:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-13 233472]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "c:\program files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2007-02-13 233472]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ c:\program files\Nero\Nero 7\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-07-27 405583]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 4670968]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"Steam"="c:\program files\steam\steam.exe" [2008-10-20 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 271872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-14 5525504]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-02-02 20:01 270336]
"CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2005-04-04 798720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-04 118784]
"TosRotation"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-04-04 266240]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-04-05 118784]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-04-05 77824]
"TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2003-10-28 77824]
"TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2005-04-04 86016]
"TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2005-04-04 45056]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-12-19 155648]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-01-14 340032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 180269]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-12 917504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-10-19 286720]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2005-08-03 360448]
"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
"BDNewsAgent"="c:\progra~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 9728]
"BDSwitchAgent"="c:\progra~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 33280]
"nwiz"="nwiz.exe" [2005-03-14 c:\windows\system32\nwiz.exe]
"000StTHK"="000StTHK.exe" [2001-06-24 01:28 24576 c:\windows\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 c:\windows\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2004-06-28 c:\windows\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2005-04-06 c:\windows\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-04-06 c:\windows\system32\TPSODDCtl.exe]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-04-26 423184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Bandwidth Monitor Pro"="c:\progra~1\BANDWI~1\Bandwidth Monitor Pro.exe" [2005-02-16 225280]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [2008-06-21 49408]

c:\documents and settings\Shuvo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-24 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 18:00 47104 c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 08:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 18:00 30208 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= c:\progra~1\MAINCO~1\PVR\mcmjpg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2004-11-13 6144]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\DRIVERS\oxser.sys [2004-03-25 49792]
R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 FILESpy;FILESpy;c:\program files\Softwin\BitDefender9\filespy.sys [2005-07-28 14081]
R2 maya65docserver;Maya 6.5 Documentation Server;c:\program files\Alias\Maya6.5\docs\wrapper.exe [2004-07-16 126976]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [2007-12-13 50984]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 Tmesbs;Tmesbs32;c:\program files\TOSHIBA\TME3\Tmesbs32.exe [2003-10-28 77824]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2004-05-13 32640]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\DRIVERS\TBtnKey.sys [2002-09-13 8832]
R3 wacommousefilter;Wacom Mouse Filter Driver;c:\windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;c:\windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;c:\windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-07-30 30248]
S2 Bandwidth Monitor Pro;Bandwidth Monitor Pro;c:\progra~1\BANDWI~1\Bandwidth Monitor Pro.exe [2005-02-16 225280]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2005-01-13 410112]
S3 TMicAry;Toshiba Audio Effect with MicArray;c:\windows\system32\DRIVERS\TMicAry.sys [2004-02-04 138240]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys [2005-04-29 50532]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2004-08-04 13568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ac487ec-5d61-11dd-a2c4-00166f0b5da4}]
\Shell\AutoRun\command - D:\fun.exe
\Shell\explore\Command - D:\fun.exe
\Shell\open\Command - D:\fun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b509ab-4979-11dc-a1fd-00166f0b5da4}]
\Shell\AutoRun\command - D:\RavMon.exe
\Shell\explore\Command - D:\RavMon.exe -e
\Shell\open\Command - D:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b509ac-4979-11dc-a1fd-00166f0b5da4}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a0811e2-fa34-11db-a1ba-00166f0b5da4}]
\Shell\Auto\command - D:\setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a081232-fa34-11db-a1ba-00166f0b5da4}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d515f091-3fe3-11dd-a2af-00166f0b5da4}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2007-03-11 c:\windows\Tasks\ATB - Ecstasy.job
- c:\my stuff\Music\1st\My Music\Atb\ATB - Ecstasy.MP3 []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKCU-Run-RemoveIT Pro XT - c:\program files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
HKLM-Run-snpstd - c:\windows\vsnpstd.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-RRT-Auto - d:\programs\RRT.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Shuvo\Application Data\Mozilla\Firefox\Profiles\ros1ire8.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 17:13:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alias\Maya6.5\docs\jre\bin\java.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\program files\Softwin\BitDefender9\vsserv.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\TME3\TMETEMnu.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Softwin\BitDefender9\bdnagent.exe
c:\program files\Softwin\BitDefender9\bdswitch.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-12 17:25:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 11:25:44

Pre-Run: 5,177,786,368 bytes free
Post-Run: 12,659,589,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg /usepmtimer

531
Yoshi
Nov 12 2008, 11:58 AM
The HijackThis Log-


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:56:21, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...OeoARwN/QK6zBM=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: BearShareMediaBar BHO - {E49CE891-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BearShare Media Bar - {E49CE899-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shuvo\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://justdeadtoreply.spaces.live.com//Ph...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bandwidth Monitor Pro - Pro²soft - C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 17999 bytes





THANKS AGAIN, :)
THANKS AGAIN, :)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.