Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Someone help me please!

[Fixed] Hijackthis! Logs - Someone help me please! posted in the Security & Safety forums; Hello i think my computer has been infected by spyware/adware/virus. It wont let me access my documetns computer or program fils or anything! This is my Hijack this log. Logfile ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 4 1 2 3 4 >
  #1  
Old 05-27-2008
Bronze Member
  
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
drakem126 - See this Members User comments on their Profile page
Default Someone help me please!
Hello i think my computer has been infected by spyware/adware/virus. It wont let me access my documetns computer or program fils or anything!
This is my Hijack this log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:44: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\mrofinu1535.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tmp2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\User\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {11B771F0-C8FD-426A-B537-F9AAE4059895} - C:\WINDOWS\boqnrwdmkrs.dll
O2 - BHO: ColorUtility module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\ColorUtility\ColorUtility.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - C:\WINDOWS\system32\818646\818646.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BCBEB0EB-744A-4F05-99A5-636B721C318E} - C:\WINDOWS\system32\urqOIyyy.dll
O2 - BHO: (no name) - {D7F3EFFF-D9F6-4FC3-900A-786C611552ED} - C:\WINDOWS\system32\awtrSMdC.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092C BD44BD8689220221DD3257
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} - https://3msource.3m.com/dana-cached/...niperSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA91C8-CCA1-4B7F-B530-1B262CA5ADBD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: urqOIyyy - C:\WINDOWS\SYSTEM32\urqOIyyy.dll
O21 - SSODL: vltdfabw - {B989B16E-90F4-45FD-B0D8-F9F220EEB7D9} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {81235E58-2A35-4F05-A276-A65DA3B25284} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: PrxSrv - {72585592-3997-48fe-a0f4-180ac788d84c} - C:\WINDOWS\Resources\PrxSrv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8630 bytes


Thanks
  #2  
Old 05-27-2008
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Someone help me please!
hello drakem. First thing we need to go is get you to the latest version of hijack this. CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

thanks,

v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #3  
Old 05-27-2008
Bronze Member
  
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
drakem126 - See this Members User comments on their Profile page
Default Re: Someone help me please!
Thankyou!!
Here is the new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\mrofinu1535.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\User\LOCALS~1\Tempboome20.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092C BD44BD8689220221DD3257
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} - https://3msource.3m.com/dana-cached/...niperSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA91C8-CCA1-4B7F-B530-1B262CA5ADBD}: NameServer = 192.168.0.1
O21 - SSODL: vltdfabw - {B989B16E-90F4-45FD-B0D8-F9F220EEB7D9} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {81235E58-2A35-4F05-A276-A65DA3B25284} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: PrxSrv - {72585592-3997-48fe-a0f4-180ac788d84c} - C:\WINDOWS\Resources\PrxSrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7419 bytes
  #4  
Old 05-27-2008
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Someone help me please!
okay, you've got a few infections there.You may want to print these out. please close all other applications, start hjt again, click 'perform system scan only', place a tick next to the following and click 'fix checked'

 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092C BD44BD8689220221DD3257
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O21 - SSODL: vltdfabw - {B989B16E-90F4-45FD-B0D8-F9F220EEB7D9} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {81235E58-2A35-4F05-A276-A65DA3B25284} - C:\WINDOWS\vregfwlx.dll

Now reboot into safe mode and navigate to and delete the highlighted files/folders:

C:\WINDOWS\mrofinu1535.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\vltdfabw.dll
C:\WINDOWS\vregfwlx.dll

Reboot, and proceed to the next step.

You also need to replace your Sun java with newest version:

Go to Add/Remove programs and uninstall this:

Java 2 Runtime Environment

Now go here and install the latest version of Java.



Reboot, and post a new log.



thanks,




v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #5  
Old 05-27-2008
Bronze Member
  
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
drakem126 - See this Members User comments on their Profile page
Default Re: Someone help me please!
Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O3 - Toolbar: atfxqogp - {736569A1-1F42-4ECD-A4E5-2B05341D41FF} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e89cf492] rundll32.exe "C:\WINDOWS\system32\reujgwkw.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} - https://3msource.3m.com/dana-cached/...niperSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA91C8-CCA1-4B7F-B530-1B262CA5ADBD}: NameServer = 192.168.0.1
O21 - SSODL: PrxSrv - {72585592-3997-48fe-a0f4-180ac788d84c} - C:\WINDOWS\Resources\PrxSrv.dll
O21 - SSODL: vregfwlx - {75AA28DE-6D26-4A92-8D5A-C0263000C084} - C:\WINDOWS\vregfwlx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6736 bytes
  #6  
Old 05-27-2008
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Someone help me please!
You may want to print these out. please close all other applications, start hjt again, click 'perform system scan only', place a tick next to the following and click 'fix checked'

O3 - Toolbar: atfxqogp - {736569A1-1F42-4ECD-A4E5-2B05341D41FF} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [e89cf492] rundll32.exe "C:\WINDOWS\system32\reujgwkw.dll",b
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} - https://3msource.3m.com/dana-cached/...niperSetup.cab
O21 - SSODL: vregfwlx - {75AA28DE-6D26-4A92-8D5A-C0263000C084} - C:\WINDOWS\vregfwlx.dll (file missing)

Go to start > run > appwiz.cpl and remove the following, if present:

WinSpywareProtect

Reboot into safe mode and navigate to and delete the following files/folders:

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\ < folder
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\system32\reujgwkw.dll

reboot, and post and new log, and let me know how the rig's running.

Thanks,

v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #7  
Old 05-28-2008
Bronze Member
  
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
drakem126 - See this Members User comments on their Profile page
Default Re: Someone help me please!
I could not locate the documents and settings/all users/application data file so could not delete that one! I am gettin popups still (fewer though). And in the bottom right hand corner of the screen by the time it says (VIRUS ALERT!). Also i cannot get to my programs, documents or my computer through the start menu as they have been removed. I have to get to my files through icons on the desktop. Thanks alot for your help. Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19: VIRUS ALERT!, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA91C8-CCA1-4B7F-B530-1B262CA5ADBD}: NameServer = 192.168.0.1
O21 - SSODL: PrxSrv - {72585592-3997-48fe-a0f4-180ac788d84c} - C:\WINDOWS\Resources\PrxSrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5898 bytes

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 1 of 4 1 2 3 4 >

Bookmarks