Security Tool virus can't run Malwarebytes


  • This topic is locked
10 replies to this topic

#1 chanman

Posted 05 October 2009 - 07:23 PM

Been trying to get rid of this Security Tool virus. Looked everywhere and read the tutorial on how to run the several programs to get rid of it, and can't seem to get anywhere. I have tried at least six different antivirus programs with no luck. I have Windows XP Professional and can only load up and do anything in safe mode. In normal mode the Security Tool takes over and won't let me open, load, stop process, or anything at all. I downloaded Malwarebytes from the page here; it downloads and loads, but when I go to the icon on the desktop it says no files found. What else can I do and where do I start?

UPDATE: Tried uninstalling and installing it four times and get the same error:
Unable to locate file
Create process failed: Code 2
The system cannot find specified file

Edited by chanman, 05 October 2009 - 07:49 PM.




#2 OldPhil

Posted 05 October 2009 - 07:55 PM

What is the name of this security tool? That will help with ideas.



#3 chanman

Posted 05 October 2009 - 07:58 PM

Security Tool is the malware/virus I have on my computer that I am trying to get rid of. I have gone through the whole tutorial in the spyware removal section of the site but can't do anything even in safe mode because this virus won't let me install or load anything. The program I am trying to install and run with no success is the Malwarebytes scanner, which the tutorial says is the program that will remove my problem.

Edited by chanman, 05 October 2009 - 07:59 PM.


#4 garmanma

Posted 05 October 2009 - 09:18 PM

Please try these scans



We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

----------------------------------------------------------------------------



Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.

If you encounter a problem downloading or getting peek.bat to run, go to Posted Image > Run..., and in the open box, type: Notepad
  • Click OK.
  • Copy and paste everything in the code box below into the Untitled - Notepad.
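@ECHO OFF
REM List every copy of these system DLLs under C:\WINDOWS (all attributes, all subfolders) into Log.txt
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
REM Open the log, then delete this batch file
START Log.txt
DEL %0
  • Go to File > Save As, click the drop-down box to change the Save As Type to All Files and save it as "peek.bat" on your desktop.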
  • Double-click peek.bat to run the script.
  • A window will open and close quickly, this is normal.
  • A file called log.txt should be created on your Desktop.
  • Open that file and copy/paste the contents in your next reply.
-- Vista users can refer to these instructions to Run a Batch File as an Administrator.
Mark

#5 chanman

Posted 05 October 2009 - 09:36 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/05 22:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF812C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8CA0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xF7B1E000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf87c687e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf87c6bfe

==EOF==

Volume in drive C has no label.
Volume Serial Number is 549B-BAA4

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 16,617,066,496 bytes free

#6 chanman

Posted 06 October 2009 - 05:32 AM

This morning I tried downloading and installing SUPERAntiSpyware, since some other people said they had some luck with that program, but I get an error that says it cannot install because the administrator would not allow this process. This thing is so bad it even changed or added a password so I can't log in as the administrator either.


Update: I followed somebody else's instructions to use msconfig and stop some startup processes, and when I stopped a program called zugubura I can now load up into normal mode, but I still cannot load or run any virus scan or any other program at all.

Edited by chanman, 06 October 2009 - 06:29 AM.


#7 garmanma

Posted 06 October 2009 - 05:25 PM

"I still cannot load or run any virus scan or any other program at all."


You won't be able to.
You have a rootkit infection.



Please download SREng2 (System Repair Engineer) and save to your desktop.
  • Create a new folder on your hard drive called Sreng2 (C:\Sreng2) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on SREngLdr.EXE to launch it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan from the left pane.
  • Leave all options checked to include Verify the digital signature of process modules (default).
  • Click the Scan button at the bottom right corner.
  • Please be patient as the scan will take a few minutes.
  • When the scan is complete, click on the Save Reports button to save the SREngLOG.log to the SREng folder (C:\SREng) or your Desktop.
  • Click Close and exit SREng.
  • Copy and paste the contents of SREngLOG.log in your next reply.
Note: The log can be long and you may need several posts to post all of it. If you're using a custom HOSTS file, edit out the HOSTS File section, as it will make the log too long for posting.
Mark
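Added example (not part of any post in this thread, and not SREng's own code): a short Python triage of the "Boot Items / Registry" part of the SREngLOG.log requested above, flagging autostart entries for review and counting modules that are referenced from more than one autostart key. The sample lines are copied from the report posted in the next reply; reading an empty `[]` as "no signature information" and a publisher name without the `(Verified)` prefix as unverified is an assumption about SREng's output, and all function names are illustrative.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the Smart Scan report posted in the next reply of this thread.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<ImgTask><C:\WINDOWS\Imgtask.exe> []
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<2246595708><C:\Documents and Settings\Bob\Application Data\2246595708\2246595708.exe> []
<batanejer><Rundll32.exe "c:\windows\system32\rojibafe.dll",a> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kunuteva.dll c:\windows\system32\zijojere.dll c:\windows\system32\rojibafe.dll,vajapaso.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<zunifamod><c:\windows\system32\zijojere.dll> [File is missing]
<kujasobaw><c:\windows\system32\rojibafe.dll> []
"""

KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")               # registry key header line
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)> \[(.*)\]$")  # <name><command> [signer]
MODULE_RE = re.compile(r"[A-Za-z0-9_\-]+\.(?:dll|exe)\b", re.I)
HOSTS = {"rundll32.exe", "regsvr32.exe"}              # loaders, not the payload


@dataclass
class Entry:
    key: str
    name: str
    command: str
    signer: str

    @property
    def status(self):
        # Assumption: "(Verified)" means the signature checked out; any other
        # non-empty text is only the publisher string, not a verified signature.
        if self.signer.startswith("(Verified)"):
            return "verified"
        if self.signer == "File is missing":
            return "file-missing"
        return "unverified-publisher" if self.signer else "no-signature"

    @property
    def modules(self):
        """Base names of the DLL/EXE files the command line refers to."""
        return {m.lower() for m in MODULE_RE.findall(self.command)} - HOSTS


def parse_report(text):
    """Return the registry autostart entries, each tagged with its key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            entries.append(Entry(key, *m.groups()))
    return entries


def triage(entries):
    """Pick entries worth a closer look; this is a review list, not a verdict."""
    findings = []
    for e in entries:
        if e.status not in ("no-signature", "file-missing"):
            continue
        reasons = [e.status]
        cmd = e.command.lower()
        if e.name.lower() == "appinit_dlls":
            reasons.append("appinit-dlls")        # injected into most GUI processes
        if "\\application data\\" in cmd:
            reasons.append("user-profile-path")   # autostart from a profile data dir
        if "rundll32" in cmd:
            reasons.append("rundll32-launch")     # DLL started through a host process
        findings.append((e, reasons))
    return findings


def repeated_modules(findings):
    """Modules referenced by flagged entries in two or more autostart keys."""
    keys_by_module = defaultdict(set)
    for e, _ in findings:
        for mod in e.modules:
            keys_by_module[mod].add(e.key.lower())
    return {m: len(k) for m, k in keys_by_module.items() if len(k) > 1}


if __name__ == "__main__":
    flagged = triage(parse_report(SAMPLE_REPORT))
    for entry, why in flagged:
        print(f"{entry.name:14} {', '.join(why):34} {entry.command}")
    print("referenced from several keys:", repeated_modules(flagged))
```

A module that shows up unsigned under several unrelated autostart keys is the strongest signal in this output; a single flagged line with no publisher only means the file needs to be checked by other means.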

#8 chanman

Posted 06 October 2009 - 07:24 PM

[code=auto:0]

2009-10-06,20:22:37

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<ImgTask><C:\WINDOWS\Imgtask.exe> []
<NBKeyScan><"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"> [File is missing]
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<BCMSMMSG><BCMSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Windows Component Publisher]
<2246595708><C:\Documents and Settings\Bob\Application Data\2246595708\2246595708.exe> []
<batanejer><Rundll32.exe "c:\windows\system32\rojibafe.dll",a> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Malwarebytes' Anti-Malware><C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent> [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kunuteva.dll c:\windows\system32\zijojere.dll c:\windows\system32\rojibafe.dll,vajapaso.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<zunifamod><c:\windows\system32\zijojere.dll> [File is missing]
<kujasobaw><c:\windows\system32\rojibafe.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{450a94c8-9d6d-4f38-bc52-1c1b9351919f}><c:\windows\system32\zijojere.dll> [File is missing]
<{47419d1b-5b0d-485f-a9a7-dbe04a1bc838}><c:\windows\system32\rojibafe.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{b5f15cbd-370a-4244-8f42-14cba2eb4e2c}]
<N/A><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\ss3dfo.scr> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<3737730035><; C:\Documents and Settings\Bob\Application Data\3737730035\3737730035.exe> []
<8907978260><; C:\Documents and Settings\Bob\Application Data\8907978260\8907978260.exe> []
<batanejer><; Rundll32.exe "c:\windows\system32\zagubura.dll",a> []
<SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]

==================================
Startup Folders
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Lavasoft Ad-Aware Service / Lavasoft Ad-Aware Service][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"><Lavasoft>
[LexBce Server / LexBceS][Running/Auto Start]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
Drivers
[BCM V.92 56K Modem / BCMModem][Running/Manual Start]
<system32\DRIVERS\BCMSM.sys><Broadcom Corporation>
[Intel® PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[Lbd / Lbd][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\Lbd.sys><Lavasoft AB>
[Logitech HID/USB Mouse Filter Driver / LHidFlt2][Running/Manual Start]
<system32\DRIVERS\LHidFlt2.Sys><Logitech, Inc.>
[Logitech USB Receiver device driver / LHidUsb][Running/Manual Start]
<System32\Drivers\LHidUsb.Sys><Logitech, Inc.>
[Logitech Mouse Class Filter Driver / LMouFlt2][Running/Manual Start]
<system32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMCI / OMCI][Running/System Start]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RIM Virtual Serial Port / RimSerPort][Stopped/Manual Start]
<system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[BlackBerry Device / RimUsb][Stopped/Manual Start]
<System32\Drivers\RimUsb.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
<system32\drivers\senfilt.sys><Creative Technology Ltd.>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>

==================================
Browser Add-ons
[]
{02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[HP Print Enhancer]
{0347C33E-8762-4905-BF09-768834316C61} <C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll, (Signed) Hewlett-Packard Co.>
[HP Print Clips]
{053F9267-DC04-4294-A72C-58F732D338C0} <C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll, (Signed) Hewlett-Packard Co.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{0ff9a677-542a-481d-a6d6-3fa32d8a806d} <, >
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[]
{53F6FCCD-9E22-4d71-86EA-6E43136192AB} <, >
[ClipBookBtn Class]
{58ECB495-38F0-49cb-A538-10282ABF65E7} <C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll, (Signed) Hewlett-Packard Co.>
[EnhSelectionBtn Class]
{700259D7-1666-479a-93B1-3250410481E8} <C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll, (Signed) Hewlett-Packard Co.>
[]
{925DAB62-F9AC-4221-806A-057BFB1014AA} <, >
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[QuickTime Plugin Control]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[StagingUI Object]
{05D44720-58E3-49E6-BDF6-D00330E511D3} <C:\WINDOWS\Downloaded Program Files\StagingUI.ocx, (Signed) Microsoft Corporation>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[]
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} <, >
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\swdir.dll, (Signed) Adobe Systems, Inc.>
[MSN Games – Buddy Invite]
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} <C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx, (Signed) Microsoft Corporation>
[MySpace Uploader Control]
{48DD0448-9209-4F81-9F6D-D83562940134} <C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[ZonePAChat Object]
{5736C456-EA94-4AAC-BB08-917ABDD035B3} <C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx, (Signed) Microsoft Corporation>
[UnoCtrl Class]
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} <C:\WINDOWS\Downloaded Program Files\game_uno1.dll, (Signed) Microsoft>
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[Java Plug-in 1.6.0_16]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[MSN Games – Texas Holdem Poker]
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} <C:\WINDOWS\Downloaded Program Files\zpa_txhe.ocx, Microsoft Corporation>
[MSN Games - Installer]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_16]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_16]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_16.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[MSN Games – Game Communicator]
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} <C:\WINDOWS\Downloaded Program Files\StProxy.dll, (Signed) Microsoft Corporation>
[Driver Agent ActiveX Control]
{E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, (Signed) Touchstone Software Corp>
[MSN Games – Backgammon]
{FF3C5A9F-5A99-4930-80E8-4709194C2AD3} <C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx, (Signed) Microsoft Corporation>
[]
{00A6FAF1-072E-44CF-8957-5838F569A31D} <, >
[]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[QuickTime Plugin Control]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[HP Print Enhancer]
{0347C33E-8762-4905-BF09-768834316C61} <C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll, (Signed) Hewlett-Packard Co.>
[HP Print Clips]
{053F9267-DC04-4294-A72C-58F732D338C0} <C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll, (Signed) Hewlett-Packard Co.>
[StagingUI Object]
{05D44720-58E3-49E6-BDF6-D00330E511D3} <C:\WINDOWS\Downloaded Program Files\StagingUI.ocx, (Signed) Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{07B18EA1-A523-4961-B6BB-170DE4475CCA} <, >
[]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} <, >
[]
{07B18EAB-A523-4961-B6BB-170DE4475CCA} <, >
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Windows Script Host Network Object]
{093FF999-1EA0-4079-9525-9614C3504B74} <C:\WINDOWS\system32\wshom.ocx, (Signed) Microsoft Corporation>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[]
{0FF9A677-542A-481D-A6D6-3FA32D8A806D} <, >
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} <, >
[]
{201F27D4-3704-41D6-89C1-AA35E39143ED} <, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} <, >
[]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\swdir.dll, (Signed) Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
{25560540-9571-4D7B-9389-0F166788785A} <, >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{3041D03E-FD4B-44E0-B742-2D9B88305F98} <, >
[]
{3AA42713-5C1E-48E2-B432-D8BF420DD31D} <, >
[]
{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[MSN Games – Buddy Invite]
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} <C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx, (Signed) Microsoft Corporation>
[]
{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} <, >
[]
{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} <, >
[]
{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} <, >
[QuickTime Plugin Control]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[MySpace Uploader Control]
{48DD0448-9209-4F81-9F6D-D83562940134} <C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[]
{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} <, >
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[]
{53F6FCCD-9E22-4D71-86EA-6E43136192AB} <, >
[ZonePAChat Object]
{5736C456-EA94-4AAC-BB08-917ABDD035B3} <C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx, (Signed) Microsoft Corporation>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[]
{58ECB495-38F0-49CB-A538-10282ABF65E7} <, >
[]
{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} <, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
{700259D7-1666-479A-93B1-3250410481E8} <, >
[]
{7370F91F-6994-4595-9949-601FA2261C8D} <, >
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[UnoCtrl Class]
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} <C:\WINDOWS\Downloaded Program Files\game_uno1.dll, (Signed) Microsoft>
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_16]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{925DAB62-F9AC-4221-806A-057BFB1014AA} <, >
[MSN Games – Texas Holdem Poker]
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} <C:\WINDOWS\Downloaded Program Files\zpa_txhe.ocx, Microsoft Corporation>
[]
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} <, >
[]
{9FF05104-B030-46FC-94B8-81276E4E27DF} <, >
[]
{A4110378-789B-455F-AE86-3A1BFC402853} <, >
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[MSN Games - Installer]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, (Signed) Microsoft Corporation>
[EPUImageControl Class]
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, (Signed) eBay, Inc.>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Deployment Toolkit]
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} <C:\WINDOWS\system32\deploytk.dll, (Signed) Sun Microsystems, Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MPEGURL Moniker Class]
{CD3AFA78-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[Microsoft Url Search Hook]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} <, >
[MSN Games – Game Communicator]
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} <C:\WINDOWS\Downloaded Program Files\StProxy.dll, (Signed) Microsoft Corporation>
[]
{DB348DE1-A97D-4171-AB0C-FF50EAE57FF4} <, >
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} <, >
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} <, >
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Driver Agent ActiveX Control]
{E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, (Signed) Touchstone Software Corp>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} <, >
[MSN Games – Backgammon]
{FF3C5A9F-5A99-4930-80E8-4709194C2AD3} <C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx, (Signed) Microsoft Corporation>

#9 chanman

Posted 06 October 2009 - 07:26 PM

Running Processes
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\WINDOWS\system32\wuyebohe.dll] [N/A, ]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 1080 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\pijelodo.dll] [N/A, ]
[PID: 1136 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 1196 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 1560 / Bob][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll] [, 1.0.0.1]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 2, 0, 0]
[PID: 1620 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe] [Lavasoft, 8, 0, 0, 0]
[C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll] [N/A, ]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Lavasoft\Ad-Aware\Resources.dll] [N/A, ]
[C:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll] [Lavasoft, 7,1,0,12]
[C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll] [Lavasoft, 8, 0, 0, 0]
[C:\Program Files\Lavasoft\Ad-Aware\unrar.dll] [N/A, ]
[C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll] [Lavasoft, 8.0]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 7.4]
[PID: 1768 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\hpzll5ha.dll] [Hewlett-Packard Company, 61.071.246.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll] [Hewlett-Packard Corporation, 61.071.246.00]
[PID: 1776 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 7.4]
[PID: 2004 / Bob][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 90.0.43.000]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[PID: 2032 / Bob][C:\WINDOWS\Imgtask.exe] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[PID: 2040 / Bob][C:\Program Files\Java\jre6\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.160.1]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 184 / Bob][C:\WINDOWS\BCMSMMSG.exe] [Broadcom Corporation, 3.5.25 08/27/2003 20:04:35]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[PID: 268 / Bob][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[PID: 408 / Bob][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 90.0.146.000]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll] [Hewlett-Packard Co., 90.0.205.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll] [Hewlett-Packard Co., 90.0.205.000]
[PID: 596 / Bob][C:\Program Files\Logitech\MouseWare\system\em_exec.exe] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\EVENTEX.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\COMNCTR.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[c:\windows\system32\zagubura.dll] [N/A, ]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Logitech\MouseWare\system\ccresrce.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\GlbResLt.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Program Files\Logitech\MouseWare\System\devices.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\ccstmglb.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\ccustom.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\system\ccmsghk.dll] [Logitech Inc., 9.77.023]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[PID: 1056 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\program files\hp\digital imaging\bin\hpqddsvc.dll] [Hewlett-Packard Co., 90.0.205.000]
[c:\program files\hp\digital imaging\bin\hpqddcmn.dll] [Hewlett-Packard Co., 90.0.205.000]
[c:\program files\hp\digital imaging\bin\hpqcxs08.dll] [Hewlett-Packard Co., 90.0.205.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 90.0.235.000]
[PID: 1256 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.160.1]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 1328 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9744]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.10.9744]
[PID: 1476 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 2080 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 2388 / SYSTEM][C:\WINDOWS\system32\wbem\unsecapp.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 2796 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 2916 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\pijelodo.dll] [N/A, ]
[c:\windows\system32\zagubura.dll] [N/A, ]
[PID: 3292 / Bob][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 90.0.146.000]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 90.0.235.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstv08.rsc] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 90.0.146.000]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[PID: 3516 / Bob][C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] [Lavasoft, 8, 0, 0, 0]
[C:\Program Files\Lavasoft\Ad-Aware\Resources.dll] [N/A, ]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[PID: 1088 / Bob][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 1296 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[PID: 3260 / Bob][C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll] [Adobe Systems Incorporated, 8.1.2.2008011100]
[C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll] [Adobe Systems Incorporated, 4.16.90]
[C:\Program Files\Adobe\Reader 8.0\Reader\CoolType.dll] [Adobe Systems Incorporated, 5.03.74]
[C:\Program Files\Adobe\Reader 8.0\Reader\BIB.dll] [Adobe Systems Incorporated, 1.2.01]
[C:\Program Files\Adobe\Reader 8.0\Reader\ACE.dll] [Adobe Systems Incorporated, 2.10.68]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\pijelodo.dll] [N/A, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.api] [Adobe Systems Incorporated, 8.1.2.2008011100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.api] [Adobe Systems Incorporated, 8.1.2.2008011100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DVA.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.api] [Adobe Systems Incorporated, 8.1.2.2008011100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\IA32.api] [Adobe Systems Incorporated, 8.1.2.2008011100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer.API] [Adobe Systems Inc., 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.api] [Adobe Systems Incorporated, 8.1.0.0]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.api] [Adobe Systems Incorporated, 8.1.1.2007101000]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Program Files\Adobe\Reader 8.0\Reader\AdobeLinguistic.dll] [Adobe Systems Incorporated, 3.0RC5]
[C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll] [N/A, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll] [N/A, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdater.dll] [Adobe Systems Incorporated, 5, 1, 1, 1105]
[PID: 2228 / Bob][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[PID: 248 / Bob][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll] [Hewlett-Packard Co., 2.15.7.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.160.1]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.160.1]
[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx] [Adobe Systems, Inc., 10,0,32,18]
[PID: 3616 / Bob][C:\Documents and Settings\Bob\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[c:\windows\system32\rojibafe.dll] [N/A, ]
[PID: 2964 / Bob][C:\Documents and Settings\Bob\Desktop\SRE859de203.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.77.023]
[C:\WINDOWS\system32\rojibafe.dll] [N/A, ]
[C:\WINDOWS\system32\rurajiye.dll] [N/A, ]
[C:\WINDOWS\system32\vajapaso.dll] [N/A, ]
[C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0]
[C:\Documents and Settings\Bob\Desktop\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2004, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2032, C:\WINDOWS\IMGTASK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 596, C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1328, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3292, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 3616, C:\DOCUMENTS AND SETTINGS\BOB\DESKTOP\SRENGLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3616, C:\DOCUMENTS AND SETTINGS\BOB\DESKTOP\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] Ad-Aware Update (Weekly).job
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]

#10 garmanma

Posted 07 October 2009 - 05:05 PM

Now that you were successful in creating those logs, you need to post them in our HJT forum.
First, try to run a DDS / HJT log as outlined in our preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Just post the RootRepeal and let them know you have a System Repair Engineer log.

If it won't run, don't worry; just give a brief description and tell them that these logs were all you could get to run successfully.

Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck.
Mark

#11 Orange Blossom

Posted 24 October 2009 - 12:30 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/262913/security-tool-trying-to-remove/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Therefore, I have removed your bumping post.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
