View Full Version : IE homepage hacked



redflyingpig
2008-07-19, 03:41
My IE has been hacked. I've tried several ways to get rid of it,
without any success. Here is a HijackThis log. Can anybody help? One
thing I do notice is that every time I open or close IE or Windows
Explorer, Spybot tells me that the IE home page value in my registry
is being modified by the malware.

Logfile of HijackThis v1.99.1
Scan saved at 7:50:58 AM, on 7/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\My Documents\PortApps\taskswitchxp\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\My Documents\PortApps\HoeKey\HoeKey.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\My Documents\Downloads\anti-malware\HijackThis.exe

O2 - BHO: (no name) - {21334231-6DED-436B-9E63-E45AAA9DA107} - (no file)
O2 - BHO: (no name) - {296E2539-1A71-44AE-9864-9C083517BD36} - C:\WINDOWS\system32\uyoaninvve.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {867A1E46-2F7C-4A8F-A1B0-F65BF8915117} - C:\WINDOWS\system32\wsllvqlxwpqne.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B753C26-9E77-4C96-B7A8-4ACB70025974} - C:\WINDOWS\system32\nbrqpsuzyy.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [TaskSwitchXP] E:\My Documents\PortApps\taskswitchxp\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HoeKey.lnk = E:\My Documents\PortApps\HoeKey\HoeKey.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://redfliyngpig.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A0BDF82-D151-47A2-8D99-9AE280A564A5}: NameServer = 202.96.64.68,202.96.75.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A0BDF82-D151-47A2-8D99-9AE280A564A5}: NameServer = 202.96.64.68,202.96.75.68
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A0BDF82-D151-47A2-8D99-9AE280A564A5}: NameServer = 202.96.64.68,202.96.75.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

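The symptom described in the post above (the home page value being rewritten every time IE or Windows Explorer starts or exits) is exactly what a Browser Helper Object can do: a BHO is an in-process COM DLL that iexplore.exe, and on Windows XP also explorer.exe, loads at start-up and unloads at exit, so a malicious one gets a chance to reset the Start Page value on each of those events. In the log, the three O2 entries registered with "(no name)" that point at DLLs with random-looking names in C:\WINDOWS\system32 are the ones to examine first; the two "(no name)" entries marked "(no file)" are leftover registry entries whose DLL is already gone. The script below is an added example for triaging a HijackThis log offline; it is not part of the original thread and is not HijackThis or Spybot code. Its sample input is constructed from lines in the posted log, and the scoring rule (unnamed BHO, DLL under system32, machine-generated-looking file name) is a rough heuristic of my own, not a HijackThis rule: a hit means "look at this file", not "this is malware".

```python
"""Offline triage of HijackThis-style log lines (O2, O17, O23).

Added example for this thread; not HijackThis or Spybot code. The scoring
below is a rough heuristic of the editor's own, not a HijackThis rule.
"""
import re

# Constructed sample input: entries copied from the posted log, with the
# forum's line wrapping undone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {21334231-6DED-436B-9E63-E45AAA9DA107} - (no file)
O2 - BHO: (no name) - {296E2539-1A71-44AE-9864-9C083517BD36} - C:\WINDOWS\system32\uyoaninvve.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {867A1E46-2F7C-4A8F-A1B0-F65BF8915117} - C:\WINDOWS\system32\wsllvqlxwpqne.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B753C26-9E77-4C96-B7A8-4ACB70025974} - C:\WINDOWS\system32\nbrqpsuzyy.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A0BDF82-D151-47A2-8D99-9AE280A564A5}: NameServer = 202.96.64.68,202.96.75.68
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

VOWELS = set("aeiou")


def stem_of(path: str) -> str:
    """File name without directory or extension: 'C:\\x\\abc.dll' -> 'abc'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: 8+ lowercase letters only,
    containing a run of three or more consecutive consonants."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def assess_bho(name: str, clsid: str, path: str) -> dict:
    """Score one O2 line. All three oddities together -> 'suspicious'."""
    finding = {"kind": "O2", "clsid": clsid, "path": path, "reasons": []}
    if path == "(no file)":
        finding["verdict"] = "orphan"
        finding["reasons"].append("registry entry for a DLL that no longer exists")
        return finding
    if name == "(no name)":
        finding["reasons"].append("no friendly name registered")
    if "\\windows\\system32\\" in path.lower():
        finding["reasons"].append("DLL lives in system32, not under Program Files")
    if looks_random(stem_of(path)):
        finding["reasons"].append("file name looks machine-generated")
    finding["verdict"] = "suspicious" if len(finding["reasons"]) == 3 else "ok"
    return finding


def triage(log_text: str) -> list:
    """Return one finding dict per recognised O2/O17/O23 line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            findings.append(assess_bho(m["name"], m["clsid"], m["path"]))
        elif m := O17_RE.match(line):
            findings.append({"kind": "O17", "clsid": None, "path": m["servers"],
                             "verdict": "verify",
                             "reasons": ["confirm these resolvers belong to your ISP or router"]})
        elif (m := O23_RE.match(line)) and "(file missing)" in m["path"]:
            findings.append({"kind": "O23", "clsid": None, "path": m["path"],
                             "verdict": "orphan",
                             "reasons": ["service image path does not resolve to a file; "
                                         "stale entry, or an unquoted path containing spaces"]})
    return findings


def suspicious_paths(log_text: str) -> list:
    """Just the DLL paths that scored 'suspicious': what to look at first."""
    return [item["path"] for item in triage(log_text) if item["verdict"] == "suspicious"]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['kind']:<4}{item['verdict']:<11}{item['path']}")
        for reason in item["reasons"]:
            print("      -", reason)
```

Run as-is it prints a verdict per line; feed it a whole log by replacing SAMPLE_LOG with the file contents. The O17 entries are reported for verification only: on most home systems the resolver addresses come from the ISP or the router, and the log alone does not say whether these are legitimate. Whatever the triage flags, removal still belongs in the Malware Removal forum procedure the moderator points to, because, as the post itself observes, the value is rewritten each time the DLL is loaded, so changing the home page back without removing the BHO does not help.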
md usa spybot fan
2008-07-19, 05:24
redflyingpig:

You have posted in the wrong forum. HijackThis logs are only analyzed in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum. Please see:
No HJT logs in the 'New or undetected' forum please
http://forums.spybot.info/showthread.php?t=2776
Ordinarily a moderator would move your post to that forum. However, you are using an old version of HijackThis.

Please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.